Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

SAP Patchday: Critical vulnerabilities in SAP NetWeaver and other weaknesses

For the June patch day, SAP is addressing 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
CSOonline

Threat and Vulnerability Management

XDR is one of security's buzziest acronyms—and for good reason. XDR, which stands for eXtended Detection and Response, promises to provide more timely and accurate threat detection by gathering and ...
Bleeping Computer

Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The security issue is ...
Infosecurity-magazine.com

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious instructions designed to achieve financial fraud, data destruction, API key ...
SecurityWeek

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

A recently disclosed privilege escalation vulnerability in Microsoft Defender has been exploited in the wild as a zero-day using publicly available proof-of-concept (PoC), Huntress warns. Patched on ...
SecurityWeek

Claude Mythos Finds 271 Firefox Vulnerabilities

Mozilla says Anthropic’s new cybersecurity-focused Claude Mythos AI model has discovered 271 vulnerabilities in Firefox. The vulnerabilities, identified with an early version of Claude Mythos Preview, ...
Engadget

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Anthropic's buzzy announcement about using AI to improve cybersecurity earlier this month was met with plenty of skepticism. However, Mozilla shared some details that support use of the company's ...
VentureBeat

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
Bleeping Computer

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.
CSOonline

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing Secure Mode protections. Security researchers have revealed a prompt ...