SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
eWeek

HPE Warns of JNDI Java Injection Flaws

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
The Hacker News

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.
heise online

SAP Patch Day: NetWeaver vulnerability allows code injection

Admins of SAP installations will have work on Tuesday this week: SAP has released advisories for 15 vulnerabilities in the company's products. Some of these are critical vulnerabilities that allow the ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
TechRadar

Three high-risk AI vulnerabilities discovered in Claude.ai – end-to-end attack chain exfiltrates sensitive info without user knowing

Oasis researchers uncover “Cloudy Day” attack chain in Claude Exploits include invisible prompt injection, data exfiltration via API, and open redirects Anthropic patched one flaw, fixes for remaining ...
Bleeping Computer

Ransomware gang exploits Cisco flaw in zero-day attacks since January

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since ...