Agentic AI Red Teaming Reveals Zero-Click Human-in-the-Loop Bypass Attack Chains

, , ,

Security researchers have discovered that agentic AI systems—AI capable of planning and executing multi-step tasks autonomously—exhibit exploitable vulnerabilities that allow attackers to bypass human-in-the-loop controls entirely, executing zero-click attack chains without user interaction. Microsoft’s year-long red teaming efforts led to an updated taxonomy identifying seven new failure modes in agentic AI, highlighting risks such as supply chain compromise, goal hijacking, and session context contamination, and recommending robust architectural mitigations including cryptographic agent verification and hardened approval processes.

https://cybersecuritynews.com/agentic-ai-red-teaming-reveals-zero-click/

Microsoft Edge Vulnerability Allows Remote Attackers to Execute Arbitrary Code

, ,

Microsoft has released a critical security update for Microsoft Edge addressing a vulnerability (CVE-2026-45495) that allows remote attackers to execute arbitrary code by exploiting improper validation of user-supplied file paths in feedback log processing. The flaw, requiring user interaction such as visiting a malicious webpage or opening a crafted file, could enable attackers to run code with the current user's privileges, leading to risks like data theft and local persistence; users and administrators are urged to apply the patch immediately.

https://cybersecuritynews.com/microsoft-edge-vulnerability-code-execution/

Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes

, ,

A newly disclosed, unpatched vulnerability in the Windows Search URI handler allows attackers to steal users' NTLMv2 hashes by inducing them to click specially crafted links that connect to malicious SMB servers. This issue, similar to a previously patched flaw in the Windows Snipping Tool, poses risks of relay attacks and deeper network access, but Microsoft has declined to issue a fix, recommending mitigations like blocking outbound SMB traffic and disabling NTLM where possible.

https://thehackernews.com/2026/06/unpatched-windows-search-uri.html

HTTP/2 Bomb — Remote DoS Exploit Hits Nginx, Apache, IIS, Envoy, and Cloudflare Pingora

, ,

A newly disclosed remote denial-of-service (DoS) exploit called “HTTP/2 Bomb” targets default HTTP/2 configurations in widely used web servers including nginx, Apache httpd, Microsoft IIS, Envoy, and Cloudflare Pingora, allowing an attacker to exhaust tens of gigabytes of server memory within seconds. The exploit combines an HPACK compression bomb with a Slowloris-style connection hold to amplify memory usage, leading to significant server resource exhaustion; patches and mitigations have been released for some servers, while others require disabling HTTP/2 or proxying to mitigate risk.

https://cybersecuritynews.com/http-2-bomb-remote-dos-exploit/

Microsoft 365 Android Apps Account Takeover Vulnerability Impacted Billions of Android Users

, , ,

A critical vulnerability called FlagLeft was discovered in six major Microsoft 365 Android apps, where a debug flag left enabled in production allowed any app on the device to silently obtain valid Microsoft account tokens without user consent. This flaw exposed billions of users to account takeover risks, enabling attackers to access emails, files, and calendar data under the victim's identity; Microsoft has since patched the issue and urged users to update affected apps immediately.

https://cybersecuritynews.com/microsoft-365-android-apps-account-takeover-vulnerability/

Ahegazy0/linux-Basics-For-Hackers-Notes: a Structured Course Built From Personal Study Notes of the Book Linux Basics for Hackers by OccupyTheWeb.

,

This GitHub repository hosts a structured course based on personal study notes from the book Linux Basics for Hackers by OccupyTheWeb. It includes detailed modules covering core Linux concepts, commands, practical examples, and exercises designed for beginners and those seeking deeper understanding, requiring tools like VirtualBox and Kali Linux to practice.

https://github.com/ahegazy0/linux-basics-for-hackers-notes

The Newest Instagram “Exploit” Is the Goofiest I’ve Seen

, , ,

A recent Instagram exploit allowed attackers to hijack accounts by simply faking the victim's location and tricking Instagram's AI support into sending verification codes to the attacker's email, bypassing two-factor authentication entirely. This vulnerability led to high-profile account takeovers, was exploited on black market services, and has since been patched by Meta, though it reportedly remained active for weeks or months.

https://www.0xsid.com/blog/meta-account-takeover-fiasco

Meta AI Support Bot Helped Hackers Hijack Instagram Accounts

, , , ,

Meta's AI support assistant for Instagram was exploited by hackers to hijack high-profile accounts by changing the email address linked to those accounts without proper identity verification, sometimes bypassing two-factor authentication. The vulnerability, which was publicly accessible for a short time, allowed attackers to take over accounts easily, prompting Meta to patch the issue and secure impacted accounts.

https://www.macrumors.com/2026/06/01/meta-ai-instagram-attack/

ChatGPhish: The Page Is the Payload

, , , ,

Researchers discovered a new phishing and tracking attack called ChatGPhish that exploits ChatGPT's page summarization feature by injecting malicious Markdown links and images into web pages. When users summarize such pages in ChatGPT, the assistant renders active clickable links, spoofed alerts, and QR codes within its trusted interface, enabling phishing, cross-origin data leakage, and off-device attacks without traditional browser protections. This expands the attack surface from email to everyday browsing, highlighting risks in AI-generated outputs that automatically render untrusted external content inside trusted AI interfaces.

https://permiso.io/blog/chatgpt-markdown-rendering-vulnerability

Microsoft Clarifies It Won’t Sue Security Researchers Amid Nightmare-Eclipse Controversy

,

Microsoft has clarified that it does not intend to take legal action against security researchers conducting good-faith vulnerability research, following backlash from the community over its response to a researcher known as Nightmare Eclipse who publicly disclosed multiple unpatched Windows zero-day exploits. The company emphasized that legal escalation would target only those engaged in malicious activities causing harm, reaffirmed its commitment to coordinated vulnerability disclosure, and pledged improved communication and transparency with researchers.

https://cybersecuritynews.com/microsoft-clarifies-nightmare-eclipse-controversy/

Critical Samba Vulnerability Enables Remote Code Execution Attacks

, ,

A critical vulnerability in Samba's printing subsystem (CVE-2026-4480) allows unauthenticated remote code execution due to improper sanitization of shell meta characters in the %J print command parameter. This flaw, with a maximum CVSS score of 10.0, affects Samba setups that use the vulnerable print command configuration, enabling attackers to inject malicious commands without authentication; patches have been released, and administrators are urged to update immediately or apply mitigations.

https://cybersecuritynews.com/samba-rce-vulnerability/

Critical OpenVPN Connect for macOS Vulnerability Let Attackers Execute Arbitrary Commands

, ,

A critical privilege escalation vulnerability (CVE-2026-9560) in OpenVPN Connect for macOS allows local attackers to execute arbitrary commands with root privileges via the application's privileged helper service, affecting versions 3.5.1 through 3.8.1. Security researchers have disclosed the flaw responsibly, urging users to update immediately to mitigate risks of local exploitation and potential lateral movement in shared macOS environments.

https://cybersecuritynews.com/openvpn-connect-for-macos-vulnerability/

Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code

Notepad++ has released an urgent security update (v8.9.6.1) addressing three vulnerabilities, including two critical arbitrary code execution flaws that allow attackers to run malicious programs by exploiting the application's config files. The most severe vulnerability (CVE-2026-48778) involves the unvalidated execution of commands from the config.xml file, enabling attackers to execute arbitrary code via various methods such as malicious shortcuts or cloud sync poisoning. Users are strongly advised to update immediately to protect against these risks.

https://cybersecuritynews.com/critical-notepad-vulnerabilities/

Websites Have a New Way to Spy on Visitors: Analyzing Their SSD Activity

, ,

Researchers have discovered a new browser-based side-channel attack called FROST that enables websites to spy on visitors by measuring subtle timing differences in SSD activity via JavaScript interacting with the origin private file system (OPFS). This technique allows attackers to infer what other websites and apps the user has open without any interaction beyond visiting the malicious site, highlighting a novel privacy risk stemming from modern browser capabilities and SSD contention.

https://arstechnica.com/security/2026/05/websites-have-a-new-way-to-spy-on-visitors-analyzing-their-ssd-activity/

Top Ethical Hacker Chompie Warns AI Tools Could Put Her Out of Business

,

Valentina Palmiotti, known as Chompie, a top ethical hacker who won major prizes at the Pwn2Own competition, warns that advanced AI tools like Claude Mythos could soon make it much harder for human hackers to compete in finding software vulnerabilities. While AI currently assists ethical hackers in speeding up their work, Chompie believes new AI models will soon handle most vulnerabilities, leaving only the very best human hackers able to discover novel bugs, which could significantly change the landscape of cybersecurity defense and offense.

https://www.bbc.com/news/articles/c3r2zjpryzro

Scroll to Top