NewsCVE-2026-0628 Chrome Gemini Live Hijack CVSS 8.8The Hacker News·high signalMalicious Chrome extensions could hijack Gemini Live panel for webcam, mic, file access via declarativeNetRequest APISourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsPolicy dependency / Stack layerFirst Recon AI ships AI Security Runtime GA — inline policy enforcement on every agent-to-agent and agent-to-tool callBusiness WirePolicy dependency / Stack layerPattern: A Provider-Abstraction / BYOK Layer Is Hardening Beneath Agent HarnessesGitHubStack layer / Threat patternOpenAI's GPT-Live Adds Async Delegation: Voice Keeps Talking While GPT-5.5 Works in the BackgroundSimon WillisonPolicy dependency / Stack layerHugging Face Transformers v5.13.0 Adds a Unified Export Pipeline and Kimi K2.5 ArchitectureHugging FacePolicy dependency / Stack layerVercel Ships the Agent-Ops Layer: 'Eve' Framework for Natural-Language Agent Skills and 'Vercel Sandbox' to Fence In Data AccessThe AI InsiderStack layer / Threat patternPattern: The Agent's Web Access Is Moving Inside the IDE as a Sandboxed, Allowlisted Browser9to5MacStack layer / Threat patternMitigating Taint-Style MCP Server Vulnerabilities Without Touching Server Code (SPELLSMITH)arXiv