SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
Detroit Free Press

Hosted.com Examines Prompt Injection Threats Affecting Websites Using AI

Hosted.com examines the growing risk of prompt injection attacks to businesses using AI tools, including their potential impact, and ways to reduce exposure. Businesses rely on AI more than ever. When ...
winbuzzer.com

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

Microsoft patched a high-severity command injection vulnerability in Windows Notepad through its February 2026 Patch Tuesday updates that allows attackers to execute malicious code remotely via ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack. On Jan. 13, Fortinet disclosed a critical flaw in its ...
SDxCentral

Fortinet unearths second FortiWeb firewall vulnerability in as many weeks

Fortinet has uncovered a bug in its FortiWeb firewall offering, the second issue to be reported with the product in a month. First reported by The Register, the vulnerability (CVE-2025-58034) could ...
9to5google

Amazon will keep using Android on Fire TV as new Vega OS focuses on low-end devices

Amazon has confirmed that it’s not giving up on Android for its Fire TV lineup just yet, implying that its new Vega OS might focus mainly on low-end or low-power devices. Vega OS launched about a ...
CSOonline

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
InfoWorld

Flaw in React Native CLI opens dev servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...
Infosecurity-magazine.com

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Researchers at Koi Security have found that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The vulnerabilities, reported through Anthropic's HackerOne ...
ZDNet

8 free Linux apps that make tricky tasks surprisingly easy - no command line required

You don't have to use the command line in Linux. With the help of these free GUIs, Linux becomes much easier. These tools can be easily installed. Linux is becoming ...
GitHub

OS Command Injection vulnerability in EndRun Technologies...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...