The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems ...

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
Android

OpenClaw-Based AI Agents Exposing 28,000 Systems to Hackers, Research Finds

OpenClaw (formerly MoltBot) has become a major security liability, with SecurityScorecard reporting that over 28,000 systems ...
The Hacker News

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft ...
Axios on MSN

Faster attacks, quicker exploits: Early testers of new AI models warn of their new abilities

The real leap in Anthropic's and OpenAI's latest cyber-capable models isn't that they can hack in entirely new ways, but that ...