The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...

Data collection in Claude Code plugin raises privacy concerns for developers

Developers dig into Vercel plugin for Claude code and uncover unexpected telemetry flows running silently across unrelated ...

On-device Apple Intelligence vulnerable to prompt injection techniques

Apple Intelligence's on-device AI can be manipulated by attackers using prompt injection techniques, according to new ...
Arabian Post

Guardrails urged for AI-coded software

Security leaders are being told to treat “vibe coding” as a governance issue, not merely a productivity trend, as AI ...
Arabian Post

Claude Code guardrails falter under command overload

That matters because Claude Code is designed to operate inside terminals, edit files, run commands and handle parts of software workflows with limited human intervention. Anthropic itself has ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...

In the wake of Claude Code's source code leak, 5 actions enterprise security leaders should take now

Gartner issued a same-day advisory after Anthropic leaked Claude Code's full architecture. CrowdStrike CTO Elia Zaitsev and ...

OpenClaw has 500,000 instances and no enterprise kill switch

OpenClaw has reached 500,000 internet-facing instances with three unpatched high-severity CVEs, no enterprise kill switch, ...

OpenAI patches flaw allowing silent data leakage from ChatGPT conversations

What happens when researchers think outside the box? Data gets exfiltrated through DNS.

'Not just development tools': Security experts discover critical flaw in OpenAI's Codex which could compromise entire enterprise organizations

BeyondTrust Phantom Labs finds critical command injection flaw in OpenAI’s ChatGPT Codex Vulnerability let attackers steal GitHub OAuth tokens via malicious branch names OpenAI patched with stronger ...