News
OpenSSL DoS Flaw Lets Unauthenticated Attackers Trigger Massive Memory Allocation
16+ hour, 40+ min ago (349+ words) A newly disclosed critical weakness in OpenSSL lets an attacker crash a server without ever completing a handshake or proving their identity. Documented by the Okta Red Team, named “HollowByte,” the flaw takes advantage of how OpenSSL reserves memory during…...
GPT-5.6 Codex Reportedly Deletes Files From Users’ Home Directories
1+ day, 11+ hour ago (453+ words) OpenAI has confirmed that its GPT-5.6 Codex model has, in a handful of documented cases, unexpectedly deleted files from users’ home directories, raising fresh concerns about the operational safety of autonomous coding agents run outside sandboxed environments. The disclosure came…...
NadMesh Botnet Targets AI and MCP Servers With 20+ Remote Code Execution Vectors
1+ day, 10+ hour ago (434+ words) Discovered in early July 2026, NadMesh identifies itself in code as “n4d mesh controller” and operates as a long‑lived, iteratively developed botnet rather than a one‑off worm outbreak. It is written in Go and integrates Scanning, exploitation, credential theft, and…...
OpenAI GPT-Red Uses Automated Attacks to Strengthen GPT-5.6 Against Prompt Injection
2+ day, 10+ hour ago (540+ words) OpenAI has unveiled GPT-Red, an internal automated red-teaming model built to discover and exploit prompt-injection vulnerabilities at scale, and then use those findings to harden production models. The company confirms that it directly incorporated GPT-Red into the training pipeline for…...
New AI Penetration Testing Framework Covers Prompt Injection, Data Poisoning, and Agentic Tool Misuse
2+ day, 11+ hour ago (440+ words) However, many organizations still assess these systems using conventional penetration testing methods designed for web servers, APIs, and endpoints. A new AI penetration testing framework aims to close that gap by giving security researchers a structured way to evaluate how…...
GPT-5.6 Sol Ultra Builds Full Chrome Exploit Chain Using 74 AI Subagents
2+ day, 15+ hour ago (590+ words) OpenAI’s GPT-5.6 Sol Ultra model independently constructed a complete, working exploit chain against a recent version of Google Chrome, escalating from a memory corruption bug to arbitrary native code execution without step-by-step human direction. Documented by hacktron, the test used…...
F5 Fixes NGINX Flaws Enabling Code Execution, Memory Leaks and DoS Attacks
2+ day, 15+ hour ago (424+ words) F5 has disclosed three security vulnerabilities affecting NGINX Plus and NGINX Open Source, including a critical flaw that could allow remote code execution on systems with weakened memory protections. The advisories, published July 15, 2026, span core NGINX modules used widely across production…...
Claude for Chrome Flaw Lets Malicious Extensions Access Gmail and Google Docs
3+ day, 14+ hour ago (477+ words) Two unpatched vulnerabilities in Anthropic’s Claude for Chrome browser extension allow any malicious browser extension to hijack Claude’s agentic capabilities, silently reading a victim’s Gmail, Google Docs, and Calendar data. Ax Sharma at Manifold disclosed the flaws, which remain reproducible…...
Notepad++ Security Update Patches Buffer Overflow and Updater Code Execution Flaws
3+ day, 15+ hour ago (334+ words) Notepad++ maintainers have shipped version 8.9.7, addressing five security vulnerabilities, ranging from a stack buffer overflow to path-traversal flaws in the built-in updater and configuration files. The widely used open-source text editor, which serves millions of Windows users, including developers and…...
SAP July 2026 Patch Day Fixes Critical NetWeaver and AppRouter Flaws
4+ day, 13+ hour ago (425+ words) SAP’s July 2026 Security Patch Day, released on 14th July 2026, addressed 16 new security issues, alongside three updates to previously issued notes, with two critical flaws in NetWeaver and AppRouter topping the list. The most severe issue, tracked as CVE-2026-44747 and carrying a…...