This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay protected.

Millions at Risk as Android Mental Health Apps Expose Sensitive Data

Oversecured flagged 1,575 flaws in 10 Android health apps with 14.7M installs, putting chats, CBT notes, and mood logs at risk, per BleepingComputer.
IEEE

Incorporating Domain Knowledge into GNNs for Advanced Vulnerability Detection in Java

Abstract: In recent years, security testing and vulnerability detection in source code have experienced a significant transformation with the adoption of data-driven techniques. This shift has reduced ...
GitHub

Red Hat VEX Downloader

The Red Hat VEX Downloader is a powerful Python tool designed to help security professionals, DevOps teams, and system administrators efficiently download, manage, and analyze Red Hat's Vulnerability ...
Bleeping Computer

WordPress plugin with 900k installs vulnerable to critical RCE flaw

A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files ...
winbuzzer.com

Google Translate’s Gemini Mode is Vulnerable to Prompt Injection

Google Translate can be tricked into generating dangerous content instead of translations through simple prompt injection attacks discovered this week that exploit its Gemini AI foundation. A Tumblr ...
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as ...
Bleeping Computer

BeyondTrust warns of critical RCE flaw in remote support software

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary ...
Cloud Security Alliance

Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems

As AI agents evolve and become increasingly autonomous, they gain the ability to perform complex tasks without direct human intervention. This capability, however, introduces new and sophisticated ...
IEEE

Machine Learning-Based Mapping of Drought Vulnerability in Java from Satellite-Derived Indices

Abstract: Drought has become an increasingly serious threat in Indonesia over recent decades, expanding in both coverage and duration, and significantly impacting agriculture, water availability, and ...
The Hacker News

DEAD#VAX Malware Campaign Deploys AsyncRAT via IPFS-Hosted VHD Phishing Files

Threat hunters have disclosed details of a new, stealthy malware campaign dubbed DEAD#VAX that employs a mix of "disciplined tradecraft and clever abuse of legitimate system features" to bypass ...