The Accessibility Tree Is How AI Agents Read Your Site & It’s Breaking

The accessibility tree decides whether an AI agent can read and act on your page. The 2026 data says the web is getting ...
The Hacker News

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

JFrog found malicious npm packages that deploy a Windows RAT to steal Chrome credentials, run commands, and transfer files.
techtimes

OpenAI Codex Automation Gains Record and Replay: Show It Once, Skip the Script

OpenAI has added a feature to its Codex macOS app that changes the barrier to AI-powered automation: instead of writing a prompt or configuring a workflow, a user performs a task while Codex watches, ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
InfoQ

Azure Functions Ships Serverless Agents Runtime at Build 2026

Azure Functions shipped a serverless agents runtime in public preview at Build 2026. Agents are defined in .agent.md markdown ...
CSO Online

Microsoft says web-enabled AI agents can trigger host-level RCE

Microsoft’s AutoJack research shows how a malicious webpage rendered by an AI browsing agent can reach local MCP services and ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
New York Magazine

These Exfoliating Pads Erased My Blackheads, KP, and Razor Bumps

Exfoliation is a necessity in my skin-care regimen. That goes for my face and my body, since I’m prone to stubborn blackheads on my nose and a delightful mix of KP on my neck and chest and ingrowns ...
WFMY News2

Berger–Page race remains razor thin with no military ballots received so far

GREENSBORO, N.C. — With the deadline approaching for military and overseas ballots to arrive, election officials in Guilford and Rockingham counties say they have not received any ballots that still ...
Bleeping Computer

Wikipedia hit by self-propagating JavaScript worm that vandalized pages

Update: Added Wikimedia Foundation's statement below and made a correction to denote it was only the Meta-Wiki that was vandalized. The Wikimedia Foundation suffered a security incident today after a ...