The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ...

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...

A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...

Progress has released patches for multiple remote code execution and OS command injection flaws in MOVEit WAF and LoadMaster.

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.

Google Antigravity’s increasing popularity has brought the development platform into the crosshairs of researchers and ...