AutoJack hijacks AI agents, Splunk RCE under attack

Microsoft researchers disclosed AutoJack, an exploit chain where a single malicious web page abuses the AutoGen Studio browsing agent to cross the localhost trust boundary and spawn arbitrary processes on the host. The find shows AI agents that browse untrusted sites can become unchecked delivery channels, forcing a rethink of sandboxing and localhost assumptions.

A crafted MPLS packet with no Bottom-of-Stack label triggers an out-of-bounds read in OpenBSD's mpls_do_error, leaking 4 bytes of adjacent kernel stack memory in an ICMP/MPLS error response. The bug is remote, repeatable, and affects any system with MPLS enabled until the June 18, 2026 fix.

Splunk Enterprise versions 10.2 below 10.2.4 and 10.0 below 10.0.7 allow unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar endpoint, enabling remote code execution. Splunk confirmed limited exploitation within days of disclosure, prompting CISA to give federal agencies just three days to patch.

Researchers uncovered GlassWASM, a TinyGo‑compiled WebAssembly stager embedded in two counterfeit Open VSX extensions. On activation the WASM module contacts the Solana blockchain for instructions, then fetches and runs PowerShell payloads, showcasing a novel supply‑chain attack that leverages blockchain as a dead‑drop C2.

Researchers show how Slack’s automatic link‑preview fetch lets an implant issue GET requests that bypass corporate proxies, using the preview’s meta description to return commands. The method works even when X‑Slack‑Allowed‑Workspaces‑Requester blocks direct Slack API calls, giving red teams a covert channel in tightly restricted environments.

Security researchers found 15 JetBrains Marketplace plugins that silently harvest AI service API keys and ship them to a malicious server, exposing up to 70,000 developers to credential theft. The plugins, masquerading as AI assistants, have been active since Oct 2025 and continue to be released, turning the IDE ecosystem into a new supply‑chain attack vector.

EU law‑enforcement dismantled AudiA6, a crypto‑laundering service that funneled over €336 million for ransomware gangs. The operation seized dozens of servers, blocked domains and froze €692 k in crypto, striking a major financial pipeline for cybercrime. The takedown should choke ransom payouts and disrupt related illicit services.