Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

Prompt injection remains the most effective way to compromise enterprise AI systems because it exploits the fundamental way ...

SAP Patchday: Critical vulnerabilities in SAP NetWeaver and other weaknesses

For the June patch day, SAP is addressing 15 new vulnerabilities in several products. Three critical ones affect NetWeaver.
GitHub

JavaSecLab - A Comprehensive Java Vulnerability Lab

JavaSecLab is a comprehensive Java vulnerability lab for application security learning, code audit practice, secure development training, and security tool evaluation. Built on Spring Boot, it ...
The Hacker News

Vulnerability | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of ...
CSOonline

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java Spring ecosystem. Maintainers of Thymeleaf, a widely used template engine for ...
theregister

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers ...
officechai.com

Smaller And Cheaper Models Also Managed To Discover The Same Security Bugs As Claude Mythos, Says AISLE Analysis

Claude Mythos had stunned the AI world after it had identified security vulnerabilities in browsers and operating systems, and discovered decades-old bugs, but it turns out that much smaller and ...
LinkedIn

SAP January 2026 Security Patch Fixes Multiple Critical Vulnerabilities

The security notes provide detailed guidance to SAP customers and administrators, outlining the nature of each vulnerability, the affected components, and the recommended remediation steps.
SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

Enterprise software maker SAP on Tuesday announced the release of 17 new security notes as part of its January 2026 Security Patch Day. Four of the notes address critical-severity vulnerabilities. The ...
theregister

Microsoft blames Medusa ransomware affiliates for GoAnywhere exploits while Fortra keeps head buried

Medusa ransomware affiliates are among those exploiting a maximum-severity bug in Fortra's GoAnywhere managed file transfer (MFT) product, according to Microsoft Threat Intelligence. Fortra disclosed ...
Bleeping Computer

SAP fixes maximum severity NetWeaver command execution flaw

SAP has addressed 21 new vulnerabilities affecting its products, including three critical severity issues impacting the NetWeaver software solution. SAP NetWeaver is the foundation for SAP's business ...