Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...

Code execution possible: critical vulnerability in Windows Server exploited

The large May patch package had fixed the vulnerability in Windows Netlogon, now attackers are exploiting it. Admins should ...
InfoWorld

Lack of response to critical vulnerability in Gogs is a reminder of the limits of open ...

Two months after Rapid7 discovered the hole in the Git service, the project maintainer has yet to patch the bug.
Morning Overview on MSN

Fortinet rushed an emergency fix after attackers turned its own FortiClient security ...

Fortinet’s FortiClient endpoint management software, meant to harden corporate and government machines, instead exposed them ...
Communications of the ACM

AI Code Risks Escalate

As the percentage of coding completed or assisted by AI increases, the risks of that code failing rises. Risks include ...
Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection ...

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...
The Hacker News

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

ChatGPhish exploits ChatGPT Markdown rendering to deliver phishing content from summarized web pages, increasing AI attack surfaces.