Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and ...
OfficeChai

Smaller And Cheaper Models Also Managed To Discover The Same Security Bugs As Claude Mythos, Says AISLE Analysis

Claude Mythos had stunned the AI world after it had identified security vulnerabilities in browsers and operating systems, and discovered decades-old bugs, ...
Bleeping Computer

File read flaw in Smart Slider plugin impacts 500K WordPress sites

A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The ...
Bleeping Computer

Max severity Ubiquiti UniFi flaw may allow account takeover

Ubiquiti has patched two vulnerabilities in the UniFi Network Application, including a maximum-severity flaw that may allow attackers to take over user accounts. The UniFi Network app (also known as ...
GitHub

mbay7/claude-code-security

Runtime security for Claude Code workspaces. Blocks prompt injection, memory poisoning, secret exposure, and hook tampering — automatically, at every session ...
Dark Reading

'Claudy Day’ Trio of Flaws Exposes Claude Users to Data Theft

An attack chain featuring three separate flaws found in Anthropic's Claude artificial intelligence (AI) agent could have allowed attackers to embed malicious hidden instructions in a pre-filled chat ...