LinuxInsider

Weaponized Python and Linux Malware Target Executives and Cloud Systems

Two malware campaigns weaponize open-source software to target executives and cloud systems, combining social engineering ...

OpenClaw is a security nightmare - 5 red flags you shouldn't ignore (before it's too late)

Handing your computing tasks over to a cute AI crustacean might be intriguing - but you should consider these security risks before doing so.
bitnewsbot

Fortinet fixes critical FortiSIEM OS command injection flaw.

On Jan 14, 2026, Fortinet published updates to fix a critical vulnerability in FortiSIEM that could allow unauthenticated attackers to execute code on vulnerable appliances, affecting Super and Worker ...
The Hacker News

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, according to an alert issued by JPCERT/CC this week. The ...
Infosecurity-magazine.com

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Researchers at Koi Security have found that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The vulnerabilities, reported through Anthropic's HackerOne ...
bitnewsbot

Critical OS Command Injection Flaw Found in React Native CLI

A critical security weakness was discovered and patched in the popular @react-native-community/cli package, which supports developers building React Native mobile apps. The vulnerability could let ...
Bleeping Computer

TP-Link warns of critical command injection flaw in Omada gateways

TP-Link is warning of two command injection vulnerabilities in Omada gateway devices that could be exploited to execute arbitrary OS commands. Omada gateways are marketed as full-stack solutions ...
CSOonline

Chaos-Mesh flaws put Kubernetes clusters at risk of full takeover

Four newly discovered vulnerabilities in the fault simulation platform can lead to OS command injection and cluster takeover, even from unprivileged pods. Researchers have found critical ...
Dark Reading

CISA Warns N-able Bugs Under Attack, Patch Now

The Cybersecurity and Infrastructure Security Agency (CISA) added two N-able vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog this week, but, thankfully, a fix is available now.
Metal Injection

Good Night Dark Prince: We Love You OZZY OSBOURNE

There are moments in life that feel simultaneously surreal, understandable and poetic all in one. Today is one of those days as we mourn the loss of John Michael "Ozzy" Osbourne, one of the most ...
CSOonline

Misconfigured MCP servers expose AI agent systems to compromise

Hundreds of Model Context Protocol (MCP) servers used to link LLMs to third-party services, data sources, and tools include default configurations that could expose users to unauthorized OS command ...