Google warns of two actively exploited Chrome zero days

One allows a remote attacker to execute arbitrary code inside a sandbox, the other could result in loss of sensitive information.
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.

Andrej Karpathy's new open source 'autoresearch' lets you run hundreds of AI experiments a night — with revolutionary implications

An AI agent reads its own source code, forms a hypothesis for improvement (such as changing a learning rate or an architecture depth), modifies the code, runs the experiment, and evaluates the results ...
TMCnet

ThreatDown Uncovers First Cyber Attack Abusing Deno JavaScript Runtime for Fileless Malware Delivery

ThreatDown, the corporate business unit of Malwarebytes, today published research documenting what researchers believe to be the first documented case of attackers abusing the Deno JavaScript runtime ...
The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

Marketeam.ai Redefines Chat Interface: Agents Now Architect and Compile Custom JavaScript UI in Real-Time

Marketeam.ai is building the first Integrated Marketing Environment (IME) - think of it like an IDE for marketing, but proactive. Instead of fragmented tools and dashboards, it runs marketing as a ...