News

ZDNet3y
23andMe and JFrog partner to solve code injection vulnerability
CVE-2021-38305 allows attackers to bypass existing protections and run arbitrary Python code by manipulating the schema file provided as input to Yamale, according to the JFrog security research team.
Nearly half of all code generated by AI found to contain security flaws - even big LLMs affected
Report finds 45% of AI-generated code had security flaws Java is the worst offender, Python, C# and JavaScript also affected ...
The Hacker News2d
Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
The vulnerability, tracked as CVE-2025-54136 (CVSS score: 7.2), has been codenamed MCPoison by Check Point Research, owing to ...
GovInfoSecurity7d
AI Still Writing Vulnerable Code
There's been little improvement in how well AI models handle core security decisions, says a report from application security ...
The Hacker News6d
Cursor AI Code Editor Fixed Flaw Allowing Attackers to Run Commands via Prompt Injection
Critical flaw in Cursor AI editor let attackers execute remote code via Slack and GitHub—fixed in v1.3 update.
Cybernews7d
AI-generated code is functional, but not secure at all, researchers warn
AI-generated code introduces significant security flaws, with only 55% of generated code being secure across various models ...
Threat Post8y
Java, Python FTP Injection Attacks Bypass Firewalls
The next Oracle Critical Patch Update is scheduled for April 18. German researcher Alexander Klink found a vulnerability in Java’s FTP URL handling code that allows protocol stream injection.
Google's Gemini CLI agent could run malicious code silently
The recently introduced Google Gemini CLI agent, which provides a text based command interface to the company's artificial ...