The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Cisco: Code injection vulnerability in Unity Connection and other flaws

Cisco has released almost two dozen security updates. They close several high-risk flaws, for example in Unity Connection.
The Hacker News

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

Critical out-of-bounds read in Ollama before 0.17.1 leaks process memory including API keys from over 300000 servers via ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install backdoors.
InfoWorld

GitHub rolls out AI-powered fixes for code vulnerabilities

Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them. GitHub has unveiled Copilot Autofix, ...

Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”

Unlike previous vulnerability disclosure slop, Grinstead said, the details provided by its harness-guided Mythos analysis, ...