Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
eWeek

Anthropic Debuts ‘Repeatable Routines’ in Major Claude Code Automation Update

Anthropic introduces “repeatable routines” in Claude Code, bringing AI-powered automation and a redesigned workspace to ...

Gimp 3.2.2 patches vulnerability that allows code injection with GIFs

Security vulnerabilities in Gimp allow code injection with manipulated files like GIFs. There is no update yet.
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...
The Hacker News

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

ShowDoc CVE-2025-0520 exploited due to unpatched versions before 2.8.7, enabling remote code execution on 2,000+ instances.

Claude Mythos can hack anything, Anthropic says. Should we believe them?

The footnote is on page 7 of a 60-page alignment risk report, wedged between paragraphs about sandbox configuration and ...
Morning Overview on MSN

Anthropic’s Mythos flags widespread software flaws, raising cyber risks

A vulnerability-discovery tool built by Anthropic has identified a serious flaw in FreeBSD’s Network File System, a component ...

Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update

Adobe Acrobat and Reader users are under attack from hackers using a zero-day vulnerability. Update within 72 hours, Adobe ...
Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

AI agents found vulns in this popular Linux and Unix print server

Asim Viladi Oglu Manizada and his team of vulnerability hunting agents recently discovered two issues in CUPS, CVE-2026-34980 ...