The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high ...
The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...
A flaw in Anthropic’s Claude Code GitHub Action let attackers bypass permission checks via a fake bot account and use prompt injection to steal OIDC tokens, gaining write access to any vulnerable ...
Microsoft Threat Intelligence has identified 3,000 ASP.NET keys disclosed in code documentation and repos that could be used in code injection attacks. Microsoft Threat Intelligence in December ...
Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.