Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM ...
Decrypt

Malicious Web Pages Are Hijacking AI Agents, And Some Are Going After Your PayPal

Google's security team scanned billions of web pages and found real payloads designed to trick AI agents into sending money, ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...
The Hacker News

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Gemini CLI CVSS 10.0 flaw in versions below 0.39.1 enabled RCE in CI workflows, forcing Google to mandate explicit workspace ...
CSO Online

AI is reshaping DevSecOps to bring security closer to the code

Accelerated use of AI in software development is rapidly altering the scope, skills, and strategies involved in securing code ...
CSO Online

Critical Cursor bug could turn routine Git into RCE

A flaw in Cursor’s AI agent lets malicious repositories trigger arbitrary code execution through routine Git operations, now ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Dark Reading

AI Finds 38 Security Flaws in Electronic Health Record Platform

Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts

Learn prompt engineering with this practical cheat sheet that covers frameworks, techniques, and tips for producing more ...
Ministry of Testing

Evals in practice for an AI coding agent

Master this framework to systematically verify, secure & improve the output quality of AI coding agents using both ...