200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
SecurityWeek

Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

Google has overhauled its Vulnerability Reward Programs (VRP) for Chrome and Android in response to a surge in the use of AI ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...
SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.
Security Boulevard

Microsoft’s April Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On April 15, NSFOCUS CERT detected that Microsoft released the April Security Update patch, fixing 165 security issues involving Windows, Microsoft Office, Microsoft SQL Server, Microsoft ...
Hosted on MSN

Windows 11 adds major features as AI drives urgent patches

Windows 11 has gained five significant updates in early 2026, including native Sysmon support, Android app resume, and WebP desktop backgrounds. These feature rollouts come as Anthropic’s Mythos AI ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
Dark Reading

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

Adobe patched an arbitrary code execution vulnerability in the latest versions of its Acrobat and Reader for Windows and macOS, nearly four months after an attacker first appeared to have begun ...

These Android phones in India can be hacked without clicking a single link

The Indian government has issued an urgent warning for Android users due to multiple vulnerabilities affecting various Android versions, including 14, 15, and 16. Users are advised to update their ...
Android

Hackers Turned Anthropic's Claude Code Leak into a Malware Lure

Hackers are exploiting a recent accidental source code leak from Anthropic to spread Vidar infostealer malware via fake GitHub repositories. These malicious sites have even managed to appear in top ...
VentureBeat

Meta's new structured prompting technique makes LLMs significantly better at code review — boosting accuracy to 93% in some cases

Deploying AI agents for repository-scale tasks like bug detection, patch verification, and code review requires overcoming significant technical hurdles. One major bottleneck: the need to set up ...
InfoWorld

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and then suggested ways to exploit them. Developers can spend days using fuzzing ...