Critical RCEs in Microsoft AI & GitHub, plus CrowdSec for Hardening

Today's Highlights

This week, major RCE vulnerabilities in Microsoft's AI frameworks and GitHub.com highlight critical supply chain and AI-specific security risks. Additionally, a practical guide to integrating CrowdSec with Nginx Proxy Manager offers robust defensive techniques for self-hosted applications.

[Research] Full-chain RCE in Microsoft Semantic Kernel & Agent Framework 1.0 (6 Bypasses) (r/netsec)

Source: https://reddit.com/r/netsec/comments/1sy2k13/research_fullchain_rce_in_microsoft_semantic/

This disclosure details a critical full-chain Remote Code Execution (RCE) vulnerability, assigned a CVSS score of 10.0, affecting Microsoft Semantic Kernel (.NET v1.74) and the new Agent Framework 1.0. The vulnerability chain leverages six distinct bypasses to achieve arbitrary code execution, highlighting complex interaction flaws within the AI orchestration frameworks.…