Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

Microsoft adds new safety rails to save you from remote desktop attacks

Microsoft has shipped one of the most practically useful security updates in recent memory, and if you work in an environment ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
MarineLink

OpenBridge Open-Source Code Library Designed to Boost Shipping Safety

A comprehensive open-source code library has been launched for OpenBridge. This design system is engineered to create safer ...

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...
Visual Studio Magazine

Hands On with Microsoft's New VS Code Agents Preview -- Now in Insiders

Now shipping in the VS Code Insiders build, Microsoft's new Visual Studio Code Agents preview offers an early look at a separate companion app for agent sessions, approvals, workspace discovery, and ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...
SecurityWeek

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters are affected by potentially serious vulnerabilities that can expose OT and healthcare systems to ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Microsoft fixes 167 security flaws in April, second biggest Patch Tuesday ever

This month's Patch Tuesday includes an actively exploited Office zero-day vulnerability and several critical RCE bugs in ...
Dark Reading

Chinese APT Targets Indian Banks, Korean Policy Circles

China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale ...