CSO Online

Output from vibe coding tools prone to critical security flaws, study finds

The assessment, which it conducted in December 2025, compared five of the best-known vibe coding tools — Claude Code, OpenAI ...
GovInfoSecurity

Flaw in AI Libraries Exposes Models to Remote Code Execution

Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by ...

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data ...

Python libraries used in top AI and ML tools hacked

Security researchers from Palo Alto Networks have discovered vulnerabilities used in some top Artificial Intelligence (AI) ...
The Hacker News

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Active malware exploits DLL side-loading in a signed GitKraken binary to deliver trojans, stealers, and remote access malware ...

Microsoft's Latest Patch Tuesday Fixes 114 Vulnerabilities

Microsoft's Patch Tuesday update for January addresses 114 vulnerabilities in total, including three zero-days.
SecurityWeek

Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM

Fortinet patches six vulnerabilities, including critical flaws in FortiFone and FortiSIEM leading to configuration leak and ...
SecurityWeek

Chrome 144, Firefox 147 Patch High-Severity Vulnerabilities

Chrome 144 and Firefox 147 were released with patches for a total of 26 vulnerabilities, including high-severity code ...
CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...

Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data ...
The Hacker News

Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control

A critical CVSS 10.0 vulnerability in n8n allows unauthenticated attackers to read files, bypass authentication, and gain ...
Security Boulevard

Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations

Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps.