InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Security Boulevard

AI Tools Expose PostgreSQL and MariaDB Flaws Hidden for Decades

AI-assisted security analysis uncovered critical PostgreSQL and MariaDB vulnerabilities that remained hidden for more than two decades, highlighting the growing importance of continuously auditing ...
SecurityWeek

AI Coding Agents Could Fuel Next Supply Chain Crisis

Researchers demonstrate how attackers can weaponize trusted repositories to hijack AI coding assistants and compromise ...
Microsoft

ClickFix campaign uses fake macOS utilities lures to deliver infostealers

Threat actors are targeting macOS users with fake utility fixes that trick them into running malicious Terminal commands.

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...
Dark Reading

AI Finds 38 Security Flaws in Electronic Health Record Platform

Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install backdoors.
TechJuice

Security Researchers Warn Rapid AI Adoption Is Creating Massive New Cybersecurity Risks

Researchers warn insecure AI systems and exposed infrastructure are creating growing cybersecurity risks globally.
Visual Studio Magazine

VS 2026 Joins VS Code with Integrated Cloud Agent: Assign a Task, Close the IDE, Get a PR

Visual Studio 2026 has further integrated GitHub Copilot's cloud agent to its Copilot Chat picker -- catching up to VS Code -- and the async workflow it enables, where a task runs on GitHub Actions ...

Mistral AI launches Workflows, a Temporal-powered orchestration engine already running millions of daily executions

Mistral AI launches Workflows, a Temporal-powered orchestration platform for enterprise AI that automates mission-critical ...