Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

SAP Patchday: Critical vulnerabilities in SAP NetWeaver and other weaknesses

For the June patch day, SAP is addressing 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
GitHub

JavaSecLab - A Comprehensive Java Vulnerability Lab

JavaSecLab is a comprehensive Java vulnerability lab for application security learning, code audit practice, secure development training, and security tool evaluation. Built on Spring Boot, it ...
The Hacker News

Vulnerability — Latest News, Reports & Analysis | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of ...
CSOonline

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java Spring ecosystem. Maintainers of Thymeleaf, a widely used template engine for ...
theregister

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers ...
officechai.com

Smaller And Cheaper Models Also Managed To Discover The Same Security Bugs As Claude Mythos, Says AISLE Analysis

Claude Mythos had stunned the AI world after it had identified security vulnerabilities in browsers and operating systems, and discovered decades-old bugs, but it turns out that much smaller and ...
SD Times

Direct Prompt Injection: How Attackers Manipulate LLM Input

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...
SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

Enterprise software maker SAP on Tuesday announced the release of 17 new security notes as part of its January 2026 Security Patch Day. Four of the notes address critical-severity vulnerabilities. The ...
acm.org

Guardians of the Agents

Agentic applications—AI systems empowered to take autonomous actions by calling external tools—are the current rage in software development. They promise efficiency, convenience, and reduced human ...