SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
SecurityWeek

Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs

The flaws allow remote, unauthenticated attackers to make system changes, access underlying accounts, and inject commands.
CSO Online

Attackers exploit Cisco Unified CM flaw weeks after patch release

New activity targets CVE‑2026‑20230, an SSRF bug that can allow unauthenticated file writes and potential root‑level access ...

SAP Patchday: Critical vulnerabilities in SAP NetWeaver and other weaknesses

For the June patch day, SAP is addressing 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
The Next Web

Anthropic’s Mythos found thousands of zero-day vulnerabilities. The Fed chair called the banks.

Anthropic’s Claude Mythos Preview found thousands of zero-day vulnerabilities across major operating systems and browsers, prompting the Fed chair and Treasury secretary to convene bank CEOs. The ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
CSOonline

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections. Security researchers have revealed a prompt ...
VentureBeat

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...
SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
Women's Health

Which Is Better: The Weight Loss Pill or Injection?

While GLP-1 weight loss meds have been a mainstay in pop culture for a few years now, they're potentially about to get even more widespread. Formerly only available as an injection, Wegovy recently ...
TechRepublic

Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files

Researchers say a vulnerability in Perplexity’s Comet AI browser could expose local files and credentials through malicious calendar invites. A security flaw in Perplexity’s AI-powered Comet browser ...