PC World

WinRAR under attack by state-level hackers, according to Google

PCWorld reports that Google’s Threat Intelligence Group discovered state-sponsored hackers from Russia and China actively exploiting a critical WinRAR vulnerability (CVE-2025-8088). This security flaw ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack. On Jan. 13, Fortinet disclosed a critical flaw in its ...
The Hacker News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system ...
TechCrunch

Anthropic’s new Cowork tool offers Claude Code without the code

On Monday, Anthropic announced a new tool called Cowork, designed as a more accessible version of Claude Code. Built into the Claude Desktop app, the new tool lets users designate a specific folder ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
TechCrunch

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...
Defense News

Military experts warn security hole in most AI chatbots can sow chaos

Current and former military officers are warning that countries are likely to exploit a security hole in artificial intelligence chatbots. (Getty Images) Current and former military officers are ...
Lifehacker

ChatGPT's AI Browser Has a Nasty Security Vulnerability

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, ...
GitHub

Potential Path Traversal Vulnerability in "copyDirectoryFromPod" method

When checking the CVE-2020-8570 fix commit, I discovered that a potential CWE-22 vulnerability still exists in the "Copy.java" file "copyDirectoryFromPod" method, which affects from ...
Infosecurity-magazine.com

Gemini Trifecta Highlights Dangers of Indirect Prompt Injection

Network defenders must start treating AI integrations as active threat surfaces, experts have warned after revealing three new vulnerabilities in Google Gemini. Tenable dubbed its latest discovery the ...
The Verge

ChatGPT tricked to swipe sensitive data from Gmail

Security researchers say the vulnerability has been plugged but highlights the risks of outsourcing to AI agents. Security researchers say the vulnerability has been plugged but highlights the risks ...