Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool

The prompt injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
The Hacker News

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

PowMix targets Czech workforce since Dec 2025 using jittered C2 and ZIP phishing, enabling stealthy remote access and ...
SecurityWeek

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Serial-to-IP converters are affected by potentially serious vulnerabilities that can expose OT and healthcare systems to ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Autonomous SOC agents now shipping can rewrite firewall rules and modify IAM policies — outpacing the governance frameworks ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
Cryptopolitan

Anthropic mandates ID verification as AI race enters new risk territory

Artificial intelligence companies, Anthropic and OpenAI, are taking serious steps to address the growing risks associated ...

The Pixel 10 gets a security fix most people will never notice

Google’s Pixel 10 won’t feel faster because of its modem rewrite, but that’s beside the point. By moving deeper into Rust, ...
The Next Web

OpenAI opens its cybersecurity model to thousands of defenders in race with Anthropic’s Mythos

OpenAI launches GPT-5.4-Cyber with binary reverse engineering for verified defenders, scaling access to thousands as it ...