CSO Online

Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered

Now that an attacker can use an LLM to weaponize a bug the minute it's found, taking 12 days to patch ‘is essentially a ...
TMCnet

AI empowered Bybit Security Team Uncovers macOS Malware Campaign Targeting Users Searching for Claude Code

Bybit/ In the news release, Bybit Uncovers AI-Assisted macOS Malware Campaign Targeting Users Searching for Claude Code, ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.
Homeland Security Today

Supply Chain Compromise Impacts Axios Node Package Manager , CISA Alert Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has released an alert to provide guidance in response to the ...

X-Humanoid's Embodied Tien Kung 3.0 Wins Beijing Robot Warrior Challenge with Fully Autonomous Run

On April 18, the inaugural Beijing Yizhuang Robot Warrior Challenge concluded. Beijing Innovation Center of Humanoid Robotics (X-Humanoid) entered the competition with Embodied Tien Kung 3.0. The full ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...

‘Tokenmaxxing’ is making developers less productive than they think

GitClear, another company in this space, published a report in January that found AI tools increased productivity, but also ...

No-JavaScript fallbacks in 2026: Less critical, still necessary

Rendering isn’t always immediate or complete. Learn where no-JavaScript fallbacks still protect critical content, links, and ...

Cisco Webex SSO flaw needs manual certificate update to fix

The cloud-based Webex service has already been patched, but admins must replace an identity provider certificate in Webex ...
Cybernews

Claude AI just learned how to hack Chrome: Will Mythos do it autonomously?

Researchers demonstrate Claude AI building a Chrome exploit chain, raising alarm over what Anthropic’s Mythos could do next.