Security Spotlight

Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Cato AI Labs disclosed CVE-2026-50548 and CVE-2026-50549 in Cursor IDE, CVSS 9.8 flaws enabling zero-click prompt injection to escape the sandbox and execute system commands.
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Check Point researchers showed DeepSeek generated InfernoGrabber 9000, near-functional browser ransomware using Chrome's File System Access API to encrypt files across four OS platforms.
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Citrix patched six NetScaler ADC and Gateway vulnerabilities including a new HTTP/2 Bomb denial-of-service vector and information disclosure flaws similar to the CitrixBleed session token ...
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Apple's iOS 26.2 and macOS Tahoe 26.2 updates patch 30-plus flaws, including four WebKit vulnerabilities co-discovered by OpenAI and Anthropic AI systems.
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to proximity attacks.
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Attackers exploited SimpleHelp's OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
A threat actor compromised a Gizmodo account to serve ClickFix malware prompts to readers, exploiting brand trust to push PowerShell-based attacks at scale.
Application Security
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Anthropic's Mythos AI found real vulnerabilities in classified US government systems during Project Glasswing testing, prompting federal access restrictions.
Cybersecurity
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances.
Atlassian and Splunk Patch Critical Flaws Splunk AI Toolkit RCE, Atlassian Dependencies
Cybersecurity
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency flaws