SecurityWeek

Cursor AI Vulnerability Exposed Developer Devices

NomShub, a vulnerability chain in Cursor AI, allowed attackers to achieve persistent access to systems via indirect prompt ...

Meta researchers introduce 'hyperagents' to unlock self-improving AI for non-coding tasks

Meta's new hyperagent framework breaks the AI "maintenance wall," allowing systems to autonomously rewrite their own logic ...

Why Parallel Workflows in Devin AI Are Changing Software Deployment

Discover how Devin AI streamlines software engineering by automating code testing, managing pull requests, and building ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.

Anthropic and Nvidia have shipped the first zero-trust AI agent architectures — and they solve the credential exposure ...

Claude Code Can Now Control Your Desktop : Here’s What It Can Do

Anthropic’s Claude Code now controls macOS apps with mouse, keyboard, and screenshots, plus remote actions via the new ...

MCP Code Mode: How Bifrost Cuts Token Usage by 50%

Bifrost stands out as the leading MCP gateway in 2026, pairing native Model Context Protocol support with Code Mode to cut ...

Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP

CVE-2026-39808 is an OS command injection flaw in FortiSandbox that allows unauthenticated attackers to execute unauthorized ...

OpenAI updates its Agents SDK to help enterprises build safer, more capable agents

OpenAI has expanded the capabilities of its agent-building toolkit, as agentic AI continues to grow in popularity.

Valorborn Early Access Review: A Promising Sandbox Born Half-Formed

We spent time with Valorborn, and after digging into its systems and seeing how it all comes together in practice, here’s our ...
Dark Reading

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four ...
TechJuice

GlassWorm Escapes JavaScript Sandbox to Silently Spread Across Developer Tools

GlassWorm malware uses a Zig-based dropper to infect developer tools, stealing data and spreading across IDEs.