Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

This sneaky attack tricks Microsoft's AI assistant to hand over your data.
SecurityWeek

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed details of a severe VS Code vulnerability that can be exploited to steal GitHub tokens and access ...
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

7-Zip: Update closes code smuggling vulnerability

The popular compression program 7-Zip contains a vulnerability that allows the injection of malicious code. An update is ...

Oracle issues out-of-band warning about critical PeopleSoft code injection flaw

Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.

Microsoft Copilot vulnerability could allow attackers to exfiltrate 2FA codes and enterprise data

Security researchers identify "SearchLeak" vulnerability in Microsoft Copilot that allows attackers to exfiltrate 2FA codes ...