
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the

Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome’s File System Access API to encrypt files

Citrix patched six NetScaler ADC and Gateway vulnerabilities including a new HTTP/2 Bomb denial-of-service vector and information disclosure flaws similar

Apple’s iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic

CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to

Attackers exploited SimpleHelp’s OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.

A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based

Anthropic’s Mythos AI found real vulnerabilities in classified US government systems during Project Glasswing testing, prompting federal access restrictions.

Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances.

Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency