GitHub

Command Injection in Cloud Compliance Scanning in HummerRisk

Project: HummerRisk Repository: https://github.com/HummerRisk/HummerRisk Affected Version: <=1.5.0 Affected Component: Cloud compliance scanning module A critical ...
PC World

Microsoft Store goes zero-clutter—through the command line

PCWorld reports that Microsoft has introduced a command-line interface for the Microsoft Store, offering a text-based alternative to the traditional graphical interface. The CLI enables users to ...
Neowin

Microsoft introduces a new command-line interface for the Microsoft Store

Microsoft has introduced a dedicated Command-Line Interface (CLI) for the Microsoft Store, allowing anyone to manage apps directly via the terminal. Microsoft today announced a new command-line ...
Dark Reading

Critical Telnet Server Flaw Exposes Forgotten Attack Surface

Threat actors are exploiting a critical vulnerability that affects hundreds of thousands of telnet servers, bringing an often-neglected threat vector back into the limelight. One Monday, the US ...
The Verge

Winapp is Microsoft’s new command line utility for developers.

Microsoft is releasing Windows App Development CLI (winapp) in public preview today. The open-source utility is aimed at Windows app developers, to make it easier to work across multiple frameworks ...
Infosecurity-magazine.com

Prompt Injection Bugs Found in Official Anthropic Git MCP Server

Three security vulnerabilities in the official Git server for Anthropic's Model Context Protocol (MCP), mcp-server-git, have been identified by cybersecurity researchers. The flaws can be exploited ...
Bleeping Computer

Exploit code public for critical FortiSIEM command injection flaw

The vulnerability is tracked as CVE-2025-64155, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. Researchers at ...
Bloomberg L.P.

Blackout Reveals Germany’s Infrastructure Vulnerabilities

Around 27,000 homes in Berlin are still without power for a fourth day after an arson attack produced the second major blackout since September. It’s taking contractors longer than usual to fix the ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
Infosecurity-magazine.com

UK NCSC Raises Alarms Over Prompt Injection Attacks

Prompt injection vulnerabilities may never be fully mitigated as a category and network defenders should instead focus on ways to reduce their impact, government security experts have warned. Then ...
The Hacker News

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The ...