CVE-2026-28292 is a CVSS 9.8 remote code execution in simple-git (12.4M+ weekly npm downloads). A missing regex flag bypasses two prior CVE fixes (CVE-2022-25912, CVE-2022-25860). Full PoC, root cause analysis, and fix. Discovered by CodeAnt AI.

CVE-2026-26117 lets low-privileged users hijack Azure Arc, escalate to SYSTEM, and take over the machine’s cloud identity and RBAC access.

Summary UNISOC (Shanghai) Technologies Co., Ltd. is a top-three global fabless semiconductor company headquartered in Shanghai, specializing in 2G/3G/4G/5G mobile communication, IoT, and smart device chipsets. Formerly Spreadtrum, it serves major brands like…

Break your AI agents before someone else does. Security scanning for system prompts, MCP servers, and AI coding agents.

Posted by Sea_Warthog_4431 - 1 vote and 0 comments

All work and no tokens makes Claude a dull boy...

Extension for Visual Studio Code - Static scanner for prompt injection (OWASP LLM01), API key leaks & jailbreaks in code. Local, fast, no LLM calls.

Four AI assistant vulnerabilities in Q1 2026 prove that Copilot, Gemini, and Perplexity Comet have become weaponizable attack vectors. Technical analysis of CVE-2026-26144, CVE-2026-0628, CVE-2026-24307, and PleaseFix.

Call for Papers - What we are looking for, What you get, and Submission Guidelines for NaClCON.

Powered by Hudson Rock's continuously augmented cybercrime database, composed of millions of machines compromised by Infostealers in global malware spreading campaigns.

17 verified security issues. 3 devices. 308 exfiltration logs. Full responsible disclosure.

Explore how MicroStealer operates, what risks it creates for enterprises, and how ANY.RUN helps security teams detect it faster.

Learn how CVE-2026-21509 exploits untrusted inputs to bypass Microsoft Office security protections and what mitigation steps to take...

Zero-Trust Autonomy Control for AI Agents. The first control plane that governs entire multi-step agent workflows.