Splunk Enterprise: Attacks on Code Smuggling Vulnerability

Splunk warns that malicious actors are attacking a critical code smuggling vulnerability in Splunk Enterprise. Updates are ...

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

This sneaky attack tricks Microsoft's AI assistant to hand over your data.
The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...
The Hacker News

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that could allow remote ...
Bleeping Computer

VS Code zero-day lets hackers steal GitHub tokens in one click

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access repositories.

7-Zip: Update closes code smuggling vulnerability

The popular compression program 7-Zip contains a vulnerability that allows the injection of malicious code. An update is ...

AWS launches new AI security service for code vulnerabilities

CNBC's Kate Rooney reports on new announcements from AWS.
CSOonline

April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities,’ says an incident response manager. A critical hole in Windows Internet ...

AISLE Introduces Snapshot, Bringing Frontier-Class Vulnerability Detection Inside the Walls of Regulated and Security-Sensitive Enterprises

New offering deploys inside customers’ private cloud, on-premises, or air-gapped environments, with source code and security ...