The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

The Ouroboros Effect: What Happens When AI Trains On Insecure AI-Generated Code?

Organizations need to break the infinite renewal cycle of AI learning from the flawed data of previous AI models.

Microsoft’s open source tools were hacked to steal passwords of AI developers

Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...
Radio Times

LEGO Batman: Legacy of the Dark Knight codes – All QR code rewards and how to redeem

It wouldn't be a LEGO game without codes and LEGO Batman: Legacy of the Dark Knight is no different, with a small handful of codes to redeem. Unlike in previous games starring everyone's favourite ...

Unverified DeFi contracts linked to $36.7M in losses: Chainalysis

Chainalysis identified $36.7 million in losses from unverified DeFi contracts, warning that AI tools are making hidden smart ...
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.