Gimp: Unpatched vulnerability allows code injection with GIFs

Security vulnerabilities in Gimp allow code injection with manipulated files like GIFs. There is no update yet.
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...

Pixel phones are becoming safer via Google's Rust code injection

The post Pixel phones are becoming safer via Google's Rust code injection appeared first on Android Headlines.
InfoWorld

The two-pass compiler is back – this time, it’s fixing AI code generation

The compiler analyzed it, optimized it, and emitted precisely the machine instructions you expected. Same input, same output.

CUMBERLAND PHARMACEUTICALS ANNOUNCES EXPANDED INDICATION FOR CALDOLOR® (IBUPROFEN) INJECTION AND LAUNCH OF NEW BRAND WEBSITE

Cumberland Pharmaceuticals Inc. (Nasdaq: CPIX), a specialty pharmaceutical company, today announced it has received approval from the U.S. Food and Drug Administration (FDA) for an expanded indication ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Ubiquiti UniFi Play: Code Injection Possible in Audio System

The high-end audio streaming solution Ubiquiti UniFi Play has a critical security vulnerability that allows attackers to ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
CSO Online

Microsoft’s Windows Recall still allows silent data extraction

A cybersecurity researcher says Recall’s redesigned security model does not stop same-user malware from accessing plaintext ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Exclusive: Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive ...