NewsPleaseFix Zero-Click Agent Hijack in Agentic BrowsersZenity Labs·high signalZenity Labs disclosed PleaseFix vulnerabilities in Perplexity Comet — zero-click file exfiltration via poisoned calendar invites and credential theft through password manager manipulationSourceSource pageZenity Labs↳ Follow the threadPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternbrowser-use Ships 'Browser Harness' — Agents Edit Their Own Browser Helpers Mid-Task Instead of FailingGitHubStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEStack layer / Threat patternCodeTracer Performs Forensic Attribution of Backdoored Code CompletionsarXivStack layer / Threat patternVisual Action Outcome Reasoning Alignment Improves VLM Physical ReasoningarXivStack layer / Threat patternClaude Cowork Sandbox-Escape Chain Reportedly Escalates Local Code Execution to RootCyberdessertsPolicy dependency / Stack layerKastra Launches Policy Enforcement for Claude Code, Cursor, and CodexHacker News