Researchers from the AI Now Institute have discovered a significant flaw in AI coding agents, specifically Anthropic's Claude Code and OpenAI's Codex. Their proof-of-concept, termed 'Friendly Fire', reveals that these AI systems can inadvertently execute malicious code when tasked with scanning open-source projects for vulnerabilities. This occurs when the AI operates in an autonomous mode that allows it to approve and run code without human oversight. The implications of this are serious, as it could lead to unintentional security breaches on users' machines, potentially exposing sensitive information or allowing further attacks. Developers and organizations using these AI tools need to be aware of this risk and implement safeguards to prevent such incidents.
Articles tagged "Vulnerability"
Found 928 articles
A lone attacker successfully breached a large AWS cloud environment in just 72 hours by exploiting artificial intelligence workflows, taking advantage of cloud vulnerabilities, and using stolen credentials. This incident targeted a significant Amazon customer, resulting in an extortion attempt. The implications are serious, as it showcases how AI can be manipulated for malicious purposes and emphasizes the need for stronger security measures in cloud environments. Organizations using cloud services should be especially vigilant about credential management and vulnerability assessments to prevent similar attacks. This incident serves as a warning for companies relying on cloud infrastructure to enhance their security protocols.
Security Affairs
Ubiquiti has addressed seven vulnerabilities in its UniFi OS, among which is a critical flaw designated as CVE-2026-50746. This particular vulnerability, with a maximum severity score of 10.0, allows for command injection attacks within the UniFi Connect Application, affecting versions 3.4.16 and earlier. This means that attackers could potentially execute arbitrary commands on the affected systems, leading to possible unauthorized access or control. Users of the UniFi Connect Application are urged to update their software to safeguard against these vulnerabilities. The implications of these flaws are significant, as they could expose sensitive data and disrupt services for organizations relying on Ubiquiti's solutions.
The Hacker News
Ubiquiti has released critical updates to address serious security vulnerabilities affecting several of its products, including UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS. One of the vulnerabilities, identified as CVE-2026-50746, has a CVSS score of 10.0, indicating its severity. These flaws could allow attackers to gain unauthorized privileges and execute arbitrary commands, posing significant risks to users. The affected systems are widely used in network management and security, making the urgency of these patches clear. Users are strongly advised to apply the updates to protect their systems from potential exploitation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies prioritize patching a vulnerability in Langflow, a visual framework used for building AI agents. This flaw allows unauthorized access, making it easier for attackers to exploit systems that use Langflow. Agencies have until Friday to address this issue, as it is currently being actively exploited. The urgency of this directive emphasizes the critical nature of maintaining secure software environments, especially in federal operations where sensitive data may be at risk. By patching this vulnerability, agencies can protect themselves from potential breaches and unauthorized access to their systems.
Ubiquiti has issued urgent security updates to address seven vulnerabilities in its UniFi OS, including a particularly severe flaw that could allow attackers to execute command injection attacks. This vulnerability is critical because it gives unauthorized users a way to run malicious commands on affected systems. The issue affects various Ubiquiti products that utilize UniFi OS, which is widely used in network management. Users and organizations that rely on these devices should prioritize applying the latest patches to protect their networks. Failure to update could leave systems exposed to potential attacks, putting sensitive data at risk.
A serious flaw known as GhostLock (CVE-2026-43499) has been discovered in the Linux kernel, affecting numerous distributions since 2011. This 15-year-old vulnerability allows any logged-in user to gain root access to an unpatched machine without needing special permissions or network access. Essentially, if users are logged in, they can exploit this flaw to take full control of the system. Given that this vulnerability has been included by default in nearly all mainstream Linux distributions, it poses a significant risk to users and organizations that have not applied the necessary patches. Immediate action is required to address this security issue, as it exposes systems to potential compromise and misuse.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. One of the most critical is CVE-2026-48282, a path traversal vulnerability in Adobe ColdFusion that could allow attackers to execute arbitrary code. This flaw has a maximum CVSS score of 10.0, indicating its severity. Additionally, vulnerabilities in Joomla and Langflow have also been flagged, though specific details about those flaws were not provided in the article. Organizations using affected products should prioritize applying patches and updates to mitigate these risks, as exploitation in the wild can lead to significant data breaches or system compromises.
A long-standing vulnerability in the Linux kernel has been identified that could allow attackers to escape from a virtual machine (VM) and gain root access to the host server. This bug has remained dormant for 16 years, affecting various Linux-based systems. If a hypervisor is compromised, it could lead to severe security risks, as attackers could take control of the underlying server. This incident raises concerns for organizations relying on virtualized environments, as the potential for unauthorized access could lead to data breaches or further exploitation. Companies using vulnerable versions of the Linux kernel should prioritize assessing their systems for this risk and consider applying available patches.
A newly discovered vulnerability in GitHub's Agentic Workflows allows attackers to exploit public repositories to access private data. By creating a GitHub Issue in an organization's public repository, an unauthenticated user can pull sensitive information from the organization's private repositories without detection. This flaw poses a serious risk to organizations that rely on GitHub for collaboration and data management, as it could lead to unauthorized access to confidential information. Organizations must be vigilant about their repository settings and consider implementing stricter access controls to prevent such exploitation. The implications of this vulnerability could be significant, affecting not just individual projects but entire organizations' data security practices.
Researchers have identified a serious vulnerability in Writer, a generative AI platform used by enterprises, which could allow unauthorized users to access session tokens across different tenants. This flaw, dubbed WriteOut, was found by the Sand Security Research team and has since been patched. It required just one click for an attacker to exploit, potentially granting them access to any Writer AI account. This breach could compromise sensitive data and user privacy, particularly affecting organizations that rely on Writer for their operations. Companies using Writer should ensure they have applied the latest patches to mitigate any risks stemming from this vulnerability.
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, signaling that they are actively being exploited by attackers. The vulnerabilities include CVE-2026-48908, which affects JoomShaper SP Page Builder, allowing unrestricted file uploads of dangerous types; CVE-2026-55255, an authorization bypass in Langflow; and CVE-2026-56290, which involves improper access control in Joomlack Page Builder. These vulnerabilities pose significant risks, particularly to federal agencies, as they can grant attackers total control over affected systems. CISA encourages all organizations to adopt a risk-based approach to vulnerability management, emphasizing the importance of addressing these high-risk vulnerabilities swiftly. Agencies are required to check for any compromise before applying patches as part of their remediation process.
Siemens has identified multiple vulnerabilities in its SINEC OS, particularly affecting the RUGGEDCOM RST2428P product. The issues stem from improper input validation, leading to potential allocation failures that could compromise system operations. Siemens has recommended users upgrade to version 4.0 or later to mitigate these risks. The vulnerabilities have been assigned CVE identifiers, indicating their recognition in the cybersecurity community. This situation is significant as it affects industrial control systems, which are critical for operational integrity and security.
CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, specifically CVE-2026-48282, which affects Adobe ColdFusion. This path traversal vulnerability allows attackers to gain unauthorized access and control over affected systems, posing significant risks, particularly to federal agencies. The Binding Operational Directive (BOD) 26-04 emphasizes the need for federal agencies to address high-risk vulnerabilities quickly, while also encouraging all organizations to adopt similar risk-based vulnerability management practices. CISA will continue to update the catalog as new vulnerabilities are identified, and organizations are urged to report any exploited vulnerabilities not currently listed. Rapid remediation is essential to mitigate potential exploitation risks.
Siemens Mendix Studio Pro has a significant security vulnerability that affects multiple versions of the software, specifically those before version 11.12. This flaw allows attackers to execute arbitrary code by tricking users into opening malicious project files during the build process. The affected versions include Mendix Studio Pro 10.11 through 10.24, as well as 11.0 through 11.9. Siemens has released updates to address this issue, urging users to upgrade to version 10.24.21 or later, or version 11.6.7 or later. This vulnerability poses a serious risk, particularly in critical sectors like manufacturing and energy, making timely updates essential to protect user systems from potential exploits.