> TritonInfoSec News
Home / Jun 21, 2026 / Story
0
#8 The Hacker News general June 19, 2026 at 15:30 UTC

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

By [email protected] (The Hacker News)

AI Summary

Microsoft researchers detailed 'AutoJack,' an exploit chain where a malicious web page loaded by an AI browsing agent can invoke a privileged local service via JavaScript and achieve host-level code execution — requiring no credentials or additional user interaction after initial page load. The attack demonstrates a new class of AI agent security risk where agentic browsing capabilities create unintended local privilege escalation paths.

Read full article → https://thehackernews.com/2026/06/autojack-attack-…

Relevance score: 75.0/100

# More from June 21

  1. 1
    CISA warns Fortinet users to secure devices after FortiBleed leak BleepingComputer
  2. 2
    FortiBleed: 86,000 Fortinet Device Credentials Compromised SecurityWeek
  3. 3
    15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown SecurityWeek
  4. 4
    Police raid malware network tied to Russia's Evil Corp hacker group The Record
  5. 5
    Microsoft links Mastra AI supply chain attack to North Korean hackers BleepingComputer
  6. 6
    Cybersecurity Firms Impacted by Klue Supply Chain Attack SecurityWeek
  7. 7
    Klue OAuth breach victim list grows as Icarus hackers claim attack BleepingComputer
  8. 9
    Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys The Hacker News
  9. 10
    Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone The Hacker News