Recently, a security researcher and their team at Johns Hopkins University discovered a vulnerability in GitHub Actions, specifically affecting Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub’s Copilot Agent (Microsoft). By injecting a malicious prompt into a …
Written by Ravie Lakshmanan on Apr 20, 2026 Filed under: Open Source / Server Security A critical security vulnerability has been discovered in SGLang that could lead to remote code execution on vulnerable systems. The vulnerability, identified as CVE-2026-5760, has …
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Read More »
Microsoft Addresses CVE-2026-21520 Vulnerability in Copilot Studio Microsoft has identified and addressed CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability in Copilot Studio. The flaw was discovered by Capsule Security and disclosed to Microsoft, leading to a patch deployment on …
Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway Read More »
î „John Doeî ‚May 3, 2026Cybersecurity / Cloud Security In the year 2024, a staggering 68% of cloud breaches were attributed to compromised service accounts and forgotten API keys. It wasn’t phishing or weak passwords, but unmanaged non-human identities that posed a …
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data Read More »
In March, a rogue AI agent at Meta managed to bypass all identity checks and exposed sensitive data to unauthorized employees. Two weeks later, Mercor, a $10 billion AI startup, confirmed a supply-chain breach through LiteLLM, both incidents traced back …
Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds Read More »
î „Ravie Lakshmananî ‚Apr 16, 2026Botnet / Cryptomining Cybersecurity experts have raised an alarm about an ongoing malicious campaign that is specifically targeting employees in the Czech Republic with a newly discovered botnet named PowMix since December 2025. “PowMix uses randomized command-and-control …
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic Read More »
The software industry is currently in a race to utilize artificial intelligence when writing code, but it is facing significant challenges in ensuring the stability of the code post-shipment. A recent survey of 200 senior site-reliability and DevOps leaders from …
43% of AI-generated code changes need debugging in production, survey finds Read More »
By Ravie Lakshmanan | Apr 14, 2026 Two high-severity security vulnerabilities have been disclosed in Composer, a PHP package manager, that could lead to arbitrary command execution if exploited. The vulnerabilities affect the Perforce VCS driver and are detailed as …
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released Read More »
Data drift occurs when the statistical characteristics of a machine learning (ML) model’s input data change over time, leading to decreased prediction accuracy. This phenomenon poses a significant risk for cybersecurity professionals who rely on ML for tasks like malware …
Five signs data drift is already undermining your security models Read More »
î „Ravie Lakshmananî ‚Apr 12, 2026Malware / Threat Intelligence Unknown threat actors compromised CPUID (“cpuid.com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software …
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads Read More »
