Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hier4sysops

Cloudflare to block AI training crawlers by default on ad-supported sites

Par : IT News
2 juillet 2026 à 20:17
Cloudflare to block AI training crawlers by default on ad-supported sites
Cloudflare has announced a significant policy shift that will block "mixed-use" web crawlers from ad-supported pages by default starting September 15, 2026. This change targets bots that combine traditional search indexing with AI training or agentic functions, forcing providers to separate these activities. The update applies to all new Cloudflare customers, new sites from existing customers, and all users on the Free service tier.

Source

Google tests camera-based hand gesture reCAPTCHA to verify human users

Par : IT News
2 juillet 2026 à 16:56
Google tests camera-based hand gesture reCAPTCHA to verify human users
Google is testing a new reCAPTCHA verification method that requires users to perform hand gestures in front of their webcams. The system utilizes machine learning to map 21 specific coordinates on the hand, including finger joints and palm geometry, to ensure a live person is present. This experimental feature is designed to combat automated fraud such as credential stuffing and bulk account creation by implementing liveness detection.

Source

Google Chrome terminates Manifest V2 support in version 150

Par : IT News
2 juillet 2026 à 16:56
Google Chrome terminates Manifest V2 support in version 150
Google Chrome version 150 has officially removed support for Manifest V2 extensions, effectively disabling older ad blockers and tools. While initial expectations suggested this change would arrive with version 151, the transition occurred earlier than anticipated. This shift forces users to adopt Manifest V3 alternatives or seek different browser platforms to maintain specific extension functionalities.

Source

AI models enable browser-native ransomware by abusing File System Access API

Par : IT News
2 juillet 2026 à 10:32
AI models enable browser-native ransomware by abusing File System Access API
Check Point Research has identified a novel attack method where AI models like DeepSeek generate functional ransomware that operates entirely within a web browser. The technique leverages the legitimate File System Access API found in Chromium-based browsers to bypass traditional endpoint security that monitors for native binary execution. By connecting theoretical browser risks into a coherent attack chain, AI significantly lowers the barrier for low-skilled actors to create effective malware.

Source

New Model Context Protocol beta SDKs enable stateless AI agent scaling

Par : IT News
2 juillet 2026 à 10:32
New Model Context Protocol beta SDKs enable stateless AI agent scaling
The Model Context Protocol (MCP) is undergoing a major architectural shift with the release of the 2026-07-28 specification candidate and accompanying beta SDKs for Python, TypeScript, Go, and C#. This update transitions the protocol to a stateless core, eliminating the traditional "initialize" handshake and session-level requirements. These changes allow administrators to scale MCP servers using standard round-robin load balancers without needing sticky sessions or shared state stores.

Source

Visual Studio Code agents gain autonomous browser automation and testing tools

Par : IT News
1 juillet 2026 à 19:50
Visual Studio Code agents gain autonomous browser automation and testing tools
Visual Studio Code has introduced generally available browser tools that allow GitHub Copilot agents to autonomously build and verify web applications. These agents can now perform complex browser actions such as navigating pages, clicking elements, and handling dialogs to validate their own code. By capturing console errors and screenshots, the AI identifies functional bugs and implements fixes without manual developer intervention.

Source

Phantom squatting exploits AI hallucinations to deliver malware and phishing kits

Par : IT News
1 juillet 2026 à 12:15
Phantom squatting exploits AI hallucinations to deliver malware and phishing kits
Attackers are increasingly leveraging a technique called "phantom squatting" to weaponize non-existent domains generated by large language models. This attack vector involves adversaries preemptively registering plausible but hallucinated URLs that AI models frequently suggest to users or autonomous agents. Research indicates that these made-up domains are being used to host sophisticated phishing kits and deliver malicious Android applications.

Source

Microsoft has removed 119 malicious extensions from the Edge Add-ons store

Par : IT News
1 juillet 2026 à 01:14
Microsoft has removed 119 malicious extensions from the Edge Add-ons store
Microsoft has removed 119 malicious extensions from the Edge Add-ons store and suspended over 90 associated developer accounts. The campaign, dubbed StegoAd, utilized steganography to hide executable code within seemingly harmless image and font files like PNG, WebP, and WOFF2. These extensions reached up to 2.6 million installs by posing as legitimate tools such as ad blockers, VPNs, and translators.

Source

BioShocking attack tricks agentic AI browsers into leaking user credentials

Par : IT News
30 juin 2026 à 12:40
BioShocking attack tricks agentic AI browsers into leaking user credentials
Researchers have identified a vulnerability called BioShocking that allows attackers to bypass the safety guardrails of agentic AI browsers and plugins. The technique uses a malicious web page to convince the AI agent it is participating in a fictional game or puzzle. By accepting a false reality where standard rules do not apply, the AI abandons its security protocols and follows instructions it would otherwise reject.

Source

Microsoft removes 119 Edge extensions hiding malware in images and fonts

Par : IT News
29 juin 2026 à 18:14
Microsoft removes 119 Edge extensions hiding malware in images and fonts
Microsoft has dismantled a sophisticated browser threat operation dubbed StegoAd that utilized 119 malicious extensions in the Edge Add-ons store. The campaign leveraged steganography to conceal malicious JavaScript within seemingly harmless PNG, WebP, and WOFF2 font files. These extensions remained dormant for three to five days after installation to bypass initial security screenings and avoid immediate user suspicion.

Source

Microsoft cancels AI-powered history search in Edge browser

Par : IT News
28 juin 2026 à 23:37
Microsoft cancels AI-powered history search in Edge browser
Microsoft has officially discontinued the development of its AI-powered history search feature for the Edge browser. This functionality was designed to allow users to find previously visited websites using synonyms, natural language phrases, or even typos. Although the feature was intended to improve navigation, it has been moved to the company's list of retired projects following a brief rollout period.

Source

Google Chrome Beta integrates Gemini AI to summarize PDF documents

Par : IT News
28 juin 2026 à 23:37
Google Chrome Beta integrates Gemini AI to summarize PDF documents
Google is introducing a new "Summarize" feature for PDF documents within the Chrome Beta browser. This integration utilizes the Gemini AI model directly inside the built-in PDF viewer to analyze document content. Users can trigger the process via a dedicated button that activates the Gemini side panel for immediate processing.

Source

❌
❌