News
DockerDash Exposes AI Supply Chain Weakness In Docker's Ask Gordon
4+ hour, 43+ min ago (417+ words) A critical security flaw affecting Docker's Ask Gordon AI assistant has been disclosed by cybersecurity researchers, revealing how unverified metadata can be turned into executable instructions. The issue, dubbed DockerDash by Noma Labs, exposes weaknesses across the full AI execution…
Critical and High Severity n8n Sandbox Flaws Allow RCE
6+ day, 3+ hour ago (349+ words) Two serious security flaws affecting the n8n workflow automation platform have exposed weaknesses in the product's sandboxing mechanisms for JavaScript and Python code. The vulnerabilities, disclosed by the JFrog Security Research team, could allow authenticated attackers to run arbitrary commands on…
Autonomous System Uncovers Long-Standing OpenSSL Flaws
6+ day, 8+ hour ago (393+ words) A coordinated security update released earlier this month fixed 12 previously unknown vulnerabilities in OpenSSL, the open-source cryptographic library that underpins a large share of the world's secure communications. The issues were uncovered by AISLE and disclosed through a coordinated process…
Turning the OWASP Agentic Top 10 into Operational AI Security
1+ week, 4+ day ago (636+ words) Director of AI Security and Policy Advocacy, Zenity Earlier generations of AI systems were largely focused on classification and prediction. Large language models expanded that scope by enabling reasoning and natural language interaction, but the systems themselves still primarily generated…
Chainlit Security Flaws Highlight Infrastructure Risks in AI Apps
2+ week, 16+ hour ago (398+ words) Two security vulnerabilities disclosed in the Chainlit framework have drawn attention to the growing risks posed by traditional web flaws in AI application environments. The issues, discovered by Zafran Research and tracked as CVE-2026-22218 and CVE-2026-22219, show how weaknesses in…
CodeBuild Flaw Put AWS Console Supply Chain At Risk
2+ week, 5+ day ago (432+ words) A critical misconfiguration in AWS CodeBuild has allowed attackers to seize control of core AWS GitHub repositories, including the JavaScript SDK that underpins the AWS Console. The issue, dubbed CodeBreach by Wiz Research, exposed a weakness in the continuous integration…
Palo Alto Networks Introduces New Vibe Coding Security Framework
3+ week, 1+ day ago (235+ words) The generalization of vibe coding has already led to major security incidents, according to Palo Alto Networks. This emerging practice, which consists of writing code and developing applications via AI prompts in natural language, is being adopted by both hobbyists…
Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents
1+ mon, 5+ day ago (1108+ words) The scale of Common Vulnerabilities and Exposures (CVE) reporting has grown exponentially during 2025, making it another record year in the domain. According to Jerry Gamblin, principal engineer at Cisco Threat Detection & Response, 45,777 CVEs have been publicly reported to date – an…
React.js Hit by Maximum-Severity 'React2Shell' Vulnerability
1+ mon, 4+ week ago (548+ words) A critical remote code execution vulnerability in React.js has been identified. React.js is a JavaScript library for building fast, interactive user interfaces (UIs) using reusable components. The security researcher Lachlan Davidson disclosed the vulnerability on November 29, 2025, to the…
Malware Manipulates AI Detection in Latest npm Package Breach
2+ mon, 2+ day ago (343+ words) A new attempt to influence AI-driven security scanners has been identified in a malicious npm package. The package, eslint-plugin-unicorn-ts-2 version 1.2.1, appeared to be a TypeScript variant of the well-known ESLint plugin but instead contained hidden code meant to mislead automated…