latesthackingnews.comOpinion

Amazon Q’s MCP Flaw Is an Industry Warning: AI Tools Still Lack Workspace Trust Standards

CVE-2026-12957 in Amazon Q is the third MCP auto-execution vulnerability in three AI coding tools. The pattern reveals a ...
Decrypt

Ornith Is the Open-Source Coding Model Built for Agents, Not Humans

Ornith 1.0 by DeepReinforce is meant for developers who want AI that finishes the job, not just autocompletes the next line.
Dark Reading

Amazon Q VS Extension Flaw Leads to Cloud Credential Theft

Adversaries could plant a malicious repository that executes arbitrary code and steals cloud credentials, showcasing MCP risk ...
Microsoft

Chromium extension uses AI‑related branding to redirect browser search

A malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI redirects browser search traffic using MV3 APIs and intermediary infrastructure.
Visual Studio Magazine

Open VSX 1.0.0 Puts Focus on Open Extension Registry for VS Code Ecosystem

Eclipse Open VSX has reached 1.0.0, highlighting its role as a vendor-neutral registry for VS Code-compatible extensions.
Barron's

Cloudflare Inc. Cl A

Cloudflare, Inc. engages in the provision of cloud-based services to secure websites. It offers various products for performance and reliability, video streaming and delivery, advanced security, ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...