Dark Reading

Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool

The prompt injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
CSO Online

Prompt injection turned Google’s Antigravity file search into RCE

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

The cybersecurity company said the systemic vulnerability is baked into Anthropic's official MCP software development kit ...
InfoWorld

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and then suggested ways to exploit them. Developers can spend days using fuzzing ...
CSOonline

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch deadline. Attackers have exploited a critical Langflow RCE within hours of ...
cybermagazine

DarkSword Spyware: Is Your iPhone Watching You?

Google Threat Intelligence Group has uncovered exploit chain DarkSword, which can exfiltrate data, take screenshots & record voice from infected devices Far from paranoia, spyware is now a leading ...
thecyberexpress

Multiple Threat Actors Exploiting a Six-Vulnerability iOS Exploit Kit Dubbed “DarkSword”

It takes a single page load on a compromised Ukrainian government site, no tap, no download, no warning — and an iPhone running iOS 18.4 through 18.6.2 hands over its messages, photos, passwords, ...
GitHub

exchange_proxylogon_rce.rb

commands on the remote Microsoft Exchange Server. This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, ...
GitHub

quest_kace_systems_management_rce.rb

`\kace.local\client\agent_provisioning\windows_platform` Samba share. Additionally, various agent versions are listed on the KACE website. This module has been tested ...
SecurityWeek

CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

The US cybersecurity agency CISA on Thursday expanded the Known Exploited Vulnerabilities (KEV) list with five flaws, including three bugs targeted by the nation-state-grade Coruna iOS exploit kit.
Hosted on MSN

Google warns of ‘Coruna’ iPhone exploit kit targeting crypto wallets on older iOS — here’s who’s at risk

lder iPhones are the main targets. The Coruna exploit affects devices running iOS 13 to iOS 17.2.1, while newer versions of iOS have patched many of the vulnerabilities. Crypto wallets are a primary ...