SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
Ars Technica

Google’s new command-line tool can plug OpenClaw into your Workspace data

The command line is hot again. For some people, command lines were never not hot, of course, but it’s becoming more common now in the age of AI. Google launched a Gemini command-line tool last year, ...
Infosecurity-magazine.com

Researchers Reveal Six New OpenClaw Vulnerabilities

OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF), missing authentication and path traversal bugs, according to Endor Labs.
CSOonline

Critical BeyondTrust RS vulnerability exploited in active attacks

Researchers have detected attacks that compromised Bomgar appliances, many of which have reached end of life, creating problems for enterprises seeking to patch. Researchers warn that a critical ...
Windows Central

Microsoft just made a command line version of the Microsoft Store for Windows 11 — install and update your apps without a GUI

Microsoft has announced the Store CLI, a command-line interface for managing and installing Windows apps from the Microsoft Store. It's similar to WinGet, except the Store CLI only works for apps that ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
IEEE

CID4IoT: IoT-Oriented Command Injection Vulnerability Detection Based on Critical Code Extraction and LLM-Analysis

Abstract: The Internet of Things (IoT) devices have brought invaluable convenience to our daily lives. However, they also introduce significant security challenges. Common vulnerabilities in numerous ...
Bleeping Computer

Exploit code public for critical FortiSIEM command injection flaw

The vulnerability is tracked as CVE-2025-64155, and is a combination of two issues that permit arbitrary write with admin permissions and privilege escalation to root access. Researchers at ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
Bleeping Computer

Hackers are exploiting ArrayOS AG VPN flaw to plant webshells

Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security ...
Forbes

How MCP Gateways Can Mitigate Hidden MCP Security Risks

The Model Context Protocol (MCP) enables AI agents to interact with external tools across hybrid environments but introduces critical security vulnerabilities, including identity theft, data leakage, ...