CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

Traffic violation scams switch to QR codes in new phishing texts

Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., ...
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...
InfoWorld

Meta shows structured prompts can make LLMs more reliable for code review

A new “semi-formal reasoning” approach forces AI models to trace code paths and justify conclusions, improving accuracy while ...
Decrypt

Anthropic Accidentally Leaked Claude Code's Source—The Internet Is Keeping It Forever

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.
IEEE

UltraVCS: Ultra-Fine-Grained Variable-Based Code Slicing for Automated Vulnerability Detection

Abstract: Detecting vulnerabilities in source code using deep learning models is emerging as a valuable research area. The key issue in using deep learning to detect vulnerabilities is the accurate ...
IEEE

Fight Fire With Fire: How Much Can We Trust ChatGPT on Source Code-Related Tasks?

Abstract: With the increasing utilization of large language models such as ChatGPT during software development, it has become crucial to verify the quality of code content it generates. Recent studies ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...