The Hacker News

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

Microsoft fixed a critical Copilot Enterprise Search flaw that could expose emails, calendars, and indexed files through one ...
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

7-Zip: Update closes code smuggling vulnerability

The popular compression program 7-Zip contains a vulnerability that allows the injection of malicious code. An update is ...
CIO

Enterprises know AI-generated code is vulnerable; they’re shipping it anyway

As AI systems discover and exploit flaws at unprecedented speed, organizations are still deploying software they know ...
Bleeping Computer

New Veeam vulnerabilities expose backup servers to RCE attacks

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-59470, this ...