Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

'Fix this code'—the three little words behind the US government decision that shut down Anthropic’s Fable and Mythos AI models

The Fable jailbreak was trivially easy, an independent security researcher found. But she and other experts say Fable’s value ...

This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

This sneaky attack tricks Microsoft's AI assistant to hand over your data.
Infosecurity Magazine

AWS Unveils 'Continuum,' an AI-Powered Vulnerability Management Platform

Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code ...

Splunk Enterprise: Attacks on Code Smuggling Vulnerability

Splunk warns that malicious actors are attacking a critical code smuggling vulnerability in Splunk Enterprise. Updates are ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories.
SecurityWeek

OpenSSL Patches High-Severity Vulnerability Found With AI

The latest OpenSSL releases patch 18 vulnerabilities, including a high-severity issue that could allow remote code execution.
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
The Hacker News

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that could allow remote ...
Dark Reading

What You Need to Know About Arbitrary Code Execution Vulnerabilities

They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT — the United States Computer Emergency Readiness Team, a part of the ...

7-Zip: Update closes code smuggling vulnerability

The popular compression program 7-Zip contains a vulnerability that allows the injection of malicious code. An update is ...