New ‘Pack2TheRoot’ flaw gives hackers root Linux access

A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or ...

Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks

Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a ...
TradeWinds

‘I could have stopped a ship at any time’: Ethical hacker issues warning to shipowners

As software firms hide their flaws, they pose greater risk to shipping than being transparent, argue security experts ...
American Banker

Unpatched AI flaw poses risk to banking sector

An unpatched vulnerability in Anthropic's Model Context Protocol creates a channel for attackers, forcing banks to manage the ...
The Financial Express

Infosys CEO says ‘Mythos-like’ AI finding hidden flaws could create jobs

Parekh views the trend of discovering unknown software vulnerabilities as a massive 'Mythos-driven' opportunity for the IT ...

A secretive AI hacking system has sparked a global scramble

When security researchers at Mozilla, the maker of the popular web browser Firefox, pointed a powerful new artificial ...
Computer Weekly

A tsunami of flaws: When frontier AI and Patch Tuesday collide

Microsoft’s April Patch Tuesday drop was the second-largest in history, falling just shy of an October 2025 record. What is behind the spike in vulnerability disclosures, and is there a connection to ...
GovInfoSecurity

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
New Scientist on MSN

Do you need to worry about Mythos, Anthropic's computer-hacking AI?

A powerful AI kept from public access because of its ability to hack computers with impunity is making headlines around the ...
Decrypt

Google Fixes AI Coding Tool Flaw That Let Attackers Execute Malicious Code: Report

Researchers say a prompt injection bug in Google's Antigravity AI coding tool could have let attackers run commands, despite ...
GovInfoSecurity

A Token Flaw Turned Azure's AI Agent Into a Spy

A misconfiguration in Microsoft's Azure SRE Agent may have allowed any Azure account holder from any company to tap into ...
Computer Weekly

Boost cooks up SmokedMeat, open source framework for CI/CD pipelines protection

Boost Security has announced SmokedMeat, an open source red team framework for CI/CD pipelines that shows how attackers ...