WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

New Google Chrome 149 Update Patches Exploited Zero-Day

Following the largest-ever Google Chrome security fix, a new update is now available, and one vulnerability stands out: a ...
GitHub

Valerian7/AI_JS_DEBUGGER

大模型API密钥(兼容OpenAI的API请求格式,如Qwen、deepseek、Chatgpt、Claude等,可自定义添加) AI_JS_DEBUGGER_0.4.0 ├── backend │ ├── app.py # Flask + Socket.IO 入口 │ ├── routes/ # 调试、配置 ...
Bleeping Computer

Google accidentally exposed details of unfixed Chromium flaw

Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device.