NewsCVE-2026-0628 Chrome Gemini Live Hijack CVSS 8.8The Hacker News·high signalMalicious Chrome extensions could hijack Gemini Live panel for webcam, mic, file access via declarativeNetRequest APISourceSource pageThe Hacker News↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsPolicy dependency / Stack layerIAPS warns on Kimi Claw: security and governance risks of Chinese-hosted 'always-on' AI agentsIAPSStack layer / Threat patternMeta Charges for a Frontier Model for the First Time: Muse Spark 1.1 at $1.25/$4.25TechCrunchStack layer / Threat patternOpen-Source Multi-Agent Firewall Intercepts Both HTTP(S) and WebSocket LLM TrafficarXivStack layer / Threat patternbrowser-use Ships 'Browser Harness' — Agents Edit Their Own Browser Helpers Mid-Task Instead of FailingGitHubStack layer / Threat patternNSA issues official MCP hardening guidance after Amazon Q auto-execution CVEs (CVSS 8.5) enable AWS credential theftWizStack layer / Threat patternsickn33/agentic-awesome-skills Hits 1,900+ Installable Agent Skills — and an Installer CLI to MatchGitHubStack layer / Threat patternOpenClaw ships broad July 6 platform update: GPT-5.6 support, external harness attach, hardened provider I/OReleasebot