Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
GitHub

Bug report: Unexpected reference tokens appearing in assistant output

We are using ChatKit with the OpenAI-hosted backend (Agent Builder workflows), with the agent model set to GPT-5.2. In some assistant responses, we observe unexpected tokens (e.g. filecite, turn4fileX ...