The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 ...
The Hacker News

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack. On Jan. 13, Fortinet disclosed a critical flaw in its ...
USA Today

Is Saks closing stores? What we know amid CEO changes, bankruptcy

Saks Global, which owns luxury brand Saks Fifth Avenue and its discounted division Saks Off Fifth, is announced a series of leadership changes and a bankruptcy filing, leaving consumers wondering if ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
TechCrunch

Anthropic’s new Cowork tool offers Claude Code without the code

On Monday, Anthropic announced a new tool called Cowork, designed as a more accessible version of Claude Code. Built into the Claude Desktop app, the new tool lets users designate a specific folder ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
Bleeping Computer

Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
EurekAlert!

Vulnerability of large language models to prompt injection when providing medical advice

About The Study: In this quality improvement study using a controlled simulation, commercial large language models (LLM’s) demonstrated substantial vulnerability to prompt-injection attacks (i.e., ...
SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

The bug allows attackers to carry out XML External Entity (XXE) injection attacks via crafted XFA files inside PDF files. A critical-severity vulnerability in the Apache Tika open source analysis ...
maketecheasier.com

Why LNK Files in Windows Are a Major Security Vulnerability and How to Stay Safe

Year after year, LNK files are exploited in malware attacks, mainly because a core vulnerability hides malicious content from users. Microsoft has not yet fixed the flaw, so we must be cautious when ...