Hackaday

This Week In Security: Android Exposes ADB, ShinyHunters Get Paid, Robot Dogs, And More

Google has patched an Android ADB bug in the May security patch set. If you have a Pixel phone you should already have the patches, and most other major manufacturers should be close behind.

Uncovering coded antisemitism online takes both human expertise and AI automation

Tracking hate speech online is challenging even when terms are explicit. Coded speech is harder to detect – but pairing AI ...
Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...
Morning Overview on MSN

An 18-year-old flaw in NGINX just gave attackers remote code execution on millions of web servers — nobody noticed for two decades

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...
Microsoft

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by ...
Security Boulevard

Ransomware, Critical Vulnerabilities, and the Security Gap No One Is Closing Fast Enough

Somewhere between a five-month investigation gap at a Minnesota hospital and 17 million vehicle records sitting on a contractor’s FTP server, a familiar story started taking shape again. Attackers ...
CSOonline

AI agent finds 18-year-old remote code execution flaw in Nginx

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...

Microsoft’s May updates patch 120 security flaws in Windows and Office

This month's Patch Tuesday addressed 120 vulnerabilities across Windows, Office, and cloud services, including critical ...

Update your older iPhone, iPad, or Mac now, to get new fixes for WebKit, Wi-Fi & kernel flaws

On Monday, Apple released critical security updates for iPads, Macs, and iPhones running older operating systems to fix ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...
Security Boulevard

AI Tools Expose PostgreSQL and MariaDB Flaws Hidden for Decades

AI-assisted security analysis uncovered critical PostgreSQL and MariaDB vulnerabilities that remained hidden for more than ...
Dark Reading

'TrustFall' Convention Exposes Claude Code Execution Risk

Malicious repositories can trigger code execution in Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI with minimal or no ...