Critical Cursor Flaws Could Let Prompt Injection Escape Sandbox and Run Commands
Swati KhandelwalJul 01, 2026AI Coding / Vulnerability Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the…
Swati KhandelwalJul 01, 2026AI Coding / Vulnerability Two flaws in Cursor, an AI code editor, could let a single, ordinary-looking prompt break out of the…
The Attorney-General’s Department has set up two controlled AI tools, one each from Microsoft and Google, for staff to use on data classified up to…
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Hijacked npm Packages Use…
TL;DR: CVE-2025-55182 is a critical unauthenticated RCE vulnerabilities in the React Server Components (RSC) “Flight” protocol. Default configurations are vulnerable – a standard Next.js app…
Flipper Devices has responded to intense community backlash over perceptions that it had abandoned active development of the Flipper Zero firmware. In a statement addressing…
Ravie LakshmananJul 01, 2026Artificial Intelligence / Vulnerability Adobe has released patches for multiple maximum-severity security flaws impacting Adobe ColdFusion and Adobe Campaign Classic. The ColdFusion…
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach Pierluigi Paganini July 05, 2026 Medtronic says a ShinyHunters attack exposed the personal and medical data of…
AWS’s largest event of the year is re:Invent, which occurred just after Thanksgiving from Dec 2-5 this year. The weeks prior are referred to as…
Flipper Devices says development of the Flipper Zero firmware will continue, albeit with a smaller internal team and greater reliance on community contributions. The announcement…
A newly released open-source security framework called T3MP3ST is turning general-purpose AI coding agents like Claude Code, OpenAI’s Codex, and Hermes into autonomous red-teaming operators…
Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs.…
Threat actors are targeting GitHub Personal Access Tokens (PAT) as high-value entry points, leveraging compromised PATs to gain initial access to victim cloud environments. Historically,…