The attack that hijacked Claude Code came through Sentry. Datadog, PagerDuty, and Jira have the same exposure.

Tenet Security hijacked Claude Code in 85% of tests via a fake Sentry error — no stolen credentials, no alerts. Datadog and ...

Update Chrome Now: Google Fixes 18 Security Flaws, Including Critical Bugs

Google’s Chrome 149 security update fixes 18 bugs, including four critical flaws affecting WebGL, Autofill, and Blink ...
ADTmag

Undo Brings AI-Powered Bug Investigation to Automated Software Development

New root cause analysis technology gives AI coding agents the ability to diagnose application failures and deliver actionable debugging insights with less developer involvement.
Redmond Magazine

Microsoft Disrupts StegoAd Extension Campaign Affecting Up to 2.6 Million Users

Microsoft disrupted StegoAd, a malicious browser extension campaign affecting up to 2.6 million users. StegoAd used hidden payloads, delayed execution and steganography to evade browser security ...
IEEE

Protecting Source Code Privacy When Hunting Memory Bugs

Abstract: When proving to a third party that a software system is free from critical memory bugs, software vendors often face the problem of having to reveal their source code, so that the third party ...
The Hacker News

âš¡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
GitHub

shuvonsec/claude-bug-bounty

Here's what you see when you launch it ...
Graham Cluley

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

What if your AI coding assistant could be tricked into stealing your own company’s secrets – by reading a single ...
Hacker

Working Code, Wrong Engineering: Why AI-Generated Code Needs System-Definition Tests

PMM (ex-Engineer, Sales & SAP veteran) with 25+ yrs bridging tech and enterprise. Writing on AI, Zero Trust & Linux ...
Bleeping Computer

Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. The security issues are tracked as ...
The Hacker News

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in ...
Microsoft

Securing CI/CD in an agentic world: Claude Code Github action case

Microsoft Threat Intelligence discovered that Anthropic’s Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull ...