The Hacker News

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks

Unpatched Gogs flaw CVE-2025-8110 enables file overwrite and code execution, driving over 700 confirmed compromises.
The Hacker News

Active Attacks Exploit Gladinet's Hard-Coded Keys for Unauthorized Access and Code Execution

Huntress reports active attacks abusing Gladinet’s fixed cryptographic keys to forge tickets and gain remote code execution ...

Malicious VSCode Marketplace extensions hid trojan in fake PNG file

A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with ...

Mistral AI surfs vibe-coding tailwinds with new coding models

French AI startup Mistral today launched Devstral 2, a new generation of its AI model designed for coding, as the company ...

Your Samsung phone may soon read your PDFs before you do

Leaked One UI 8.5 code suggests Samsung's My Files app will soon offer short summaries for PDF and text files before you open them.

Research claims legacy .NET proxy behavior creates fresh path to remote system compromise

In the Barracuda Networks Inc. case, a single unauthenticated SOAP request was sufficient to force the application to import ...
Infosecurity Magazine

Malware Discovered in 19 Visual Studio Code Extensions

A new campaign involving 19 malicious Visual Studio Code extensions used a legitimate npm package to embed malware in ...

Visual Studio Code 1.107 launches with multi-agent orchestration and Agent HQ

Microsoft's latest VS Code update enables Copilot and custom agents to collaborate via the new Agent HQ. It also integrates ...

New Splunk Windows Flaw Enables Privilege Escalation Attacks

Splunk for Windows has a high-severity flaw that lets local users escalate privileges through misconfigured file permissions.
The Manila Times

Augment Code Unveils New Code Review Agent to Eliminate Review Debt and Restore Flow to Modern Software Development

Built for large, long-lived codebases, Augment’s Code Review leads industry benchmarks, catches issues missed by competing ...
Dark Reading

Attackers Exploited Gogs Zero-Day Flaw for Months

Wiz disclosed a still-unpatched vulnerability in self-hosted Git service Gogs, which is a bypass for a previous RCE bug ...
Security Boulevard

From Chatbot to Code Threat: OWASP’s Agentic AI Top 10 and the Specialized Risks of Coding Agents

The rise of autonomous AI Agents – systems that plan, delegate, and execute complex workflows – has fundamentally reshaped the application security landscape. Just yesterday, the OWASP GenAI Security ...