Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
heise online

FortiClient EMS: Critical code-injection vulnerability is being exploited

A zero-day vulnerability exists in FortiClient EMS, which attackers are already exploiting in the wild. This allows them to inject and execute malicious code without prior authentication. Fortinet ...
Security Boulevard

CISA Warns of Craft CMS Code Injection Vulnerability Exploited in Attacks

This issue matters because it involves a remote, unauthenticated code execution path in a content management system that CISA has already confirmed is being exploited in the wild. For CISOs, the ...
TechCrunch

Anthropic hands Claude Code more control, but keeps it on a leash

For developers using AI, “vibe coding” right now comes down to babysitting every action or risking letting the model run unchecked. Anthropic says its latest update to Claude aims to eliminate that ...
Dark Reading

How AI Coding Tools Crushed the Endpoint Security Fortress

RSAC 2026 CONFERENCE – San Francisco – Artificial intelligence has been hailed by many as a game changer for cybersecurity, but one researcher believes these new tools are systemically undermining ...
Bleeping Computer

VoidStealer malware steals Chrome master key via debugger trick

An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. The ...