For you Ai Security Dev Cloud Hardware Startups Releases General

Top stories

🎧 Today's Briefs Listen by category β†’
AiCloudDevGeneralHardwareReleasesSecurityStartups
1 source 1 report 21h ago

Cursor AI Code Editor Flaws Could Allow Command Execution via Prompt Injection

Two critical vulnerabilities in Cursor, tracked as CVE-2026-50548 and CVE-2026-50549, could enable command execution outside the editor's safety sandbox, affecting many Fortune 500 companies. The flaws, identified by Cato AI Labs and rated 9.8/10 in severity, can be exploited through prompt injection without user interaction, necessitating an immediate software update to the patched version 3.0.

security vulnerabilities cursor ai
1 source 2 reports 21h ago

Critical Vulnerability in Progress Kemp LoadMaster Enables Root Command Execution

A critical vulnerability (CVE-2026-8037) in Progress Kemp LoadMaster permits unauthenticated root command execution via API requests. Patches are released to mitigate the CVSS 9.8 flaw. Reports indicate active exploitation attempts, causing security concerns among users.

security vulnerability loadmaster cve progress
1 source 1 report 21h ago

AI-Generated Ransomware Discovered Exploiting Chromium API on Windows and Android

A new ransomware artifact created by the AI model DeepSeek combines theoretical attacks with real browser functionality, enabling browser-based ransomware on Windows and Android. This marks the first identified practical attack chain of its kind, indicating a significant shift in the cybersecurity threat landscape.

security ransomware cybersecurity ai malware
1 source 1 report 1d ago

Realta Fusion generates electricity from fusion reaction, marking industry milestone

Realta Fusion conducted an experiment demonstrating electricity generation directly from its fusion device, WHAM, which successfully powered a lightbulb. This marks the first time a private company has publicly achieved this, potentially advancing the profitability of fusion power through higher energy efficiency.

general fusion energy startups innovation
1 source 1 report 1d ago

GuardFall Exploits Decades-Old Shell Injection Risks in AI Coding Agents

New research from Adversa AI reveals that the GuardFall vulnerability allows bypassing safety checks in AI coding agents. This poses risks of executing malicious shell commands with full account access across multiple popular open-source agents.

dev ai security
1 source 1 report 1d ago

AirDrop and Quick Share Vulnerabilities Found, Affecting Millions of Devices

Researchers discovered six security flaws in Apple's AirDrop and Samsung's Quick Share, enabling attackers nearby to crash file-sharing services. Apple has already patched one of the identified vulnerabilities, but others remain under investigation, impacting potentially five billion devices globally.

security airdrop file-sharing vulnerabilities
1 source 1 report 1d ago

Critical Flaw CVE-2026-46817 in Oracle E-Business Suite Exploited

A critical vulnerability in Oracle E-Business Suite, CVE-2026-46817, is now being actively exploited. Impacting versions 12.2.3 to 12.2.15, the flaw allows unauthenticated attackers to take control of Oracle Payments, necessitating immediate patching for affected instances.

security oracle vulnerability exploit
1 source 1 report 1d ago

South Korea invests $1T in memory chips and humanoid robots by 2028

South Korea plans to invest $1 trillion in memory chip production and humanoid robot deployment by 2028. This initiative aims to address global memory chip shortages and advance AI infrastructure amid rising demand.

startups semiconductors ai robots south korea
1 source 1 report 1d ago

Supreme Court Rules Government Requires Warrant for Geofence Warrants

The Supreme Court ruled that government access to a user’s location history requires a warrant. This ruling underscores the Fourth Amendment's protections for digital privacy, limiting law enforcement's ability to utilize geofence warrants without substantial proof of necessity.

general supreme court geofence warrants privacy location tracking
1 source 1 report 1d ago

Mustang Panda Exploits Zoho WorkDrive in Campaign Against Indian Government

The Mustang Panda group has launched campaigns targeting the Indian government, utilizing Zoho WorkDrive to transmit commands and steal data. This approach leverages legitimate service traffic to mask malicious activities and is part of broader espionage efforts aimed at India's hydropower initiatives and defense relations with Taiwan.

security mustang panda zoho malware espionage
1 source 2 reports 1d ago

DirtyClone Vulnerability in Linux Kernel Allows Local Root Access Exploits

The DirtyClone vulnerability (CVE-2026-43503) affects the Linux kernel, allowing local users to gain root privileges using cloned network packets. This flaw poses significant security risks in environments like multi-tenant clouds and Kubernetes clusters. The patch was released, and users are advised to update their systems immediately.

security linux vulnerability kernel malware
1 source 1 report 1d ago

Microsoft Removes 119 Malicious Edge Extensions Involved in Malware Operation

Microsoft has removed 119 Edge extensions from its Add-ons store that concealed malware within images and fonts, compromising user credentials and facilitating ad fraud. The extensions, installed by up to 2.6 million users, utilized steganography to hide malicious code, operating undetected for years.

security malware edge extensions
1 source 1 report 1d ago

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept has been released for CVE-2026-55200, a critical flaw in libssh2 that may allow memory corruption and code execution for connected clients. This vulnerability affects all versions up to 1.11.1, posing significant risks as libssh2 is widely used in various applications and systems.

security libssh2 cve-2026-55200 ssh flaw
1 source 1 report 1d ago

Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks

Cybersecurity researchers have identified hijacked npm and Go packages that deploy a Python-based infostealer on compromised systems. This method utilizes a concealed VS Code task to execute malware upon opening a project folder, facilitating data theft and persistent access.

security cybersecurity malware npm vscode
1 source 1 report 4d ago

China's LineShine crowned world's fastest supercomputer, surpassing El Capitan

China's supercomputer LineShine has become the fastest globally, reclaiming the title for the first time since 2018. This development is significant in light of ongoing US trade restrictions on high-powered computing components, highlighting China's ability to innovate despite challenges.

general china supercomputing technology trade
1 source 2 reports 4d ago

Tesla Settles FSD Crash Lawsuit Amid Ongoing Federal Investigation

Tesla has settled a lawsuit concerning a fatal crash involving its Full Self-Driving (FSD) system while federal investigations into the system's safety continue. The National Highway Traffic Safety Administration is examining if FSD can adequately handle low visibility conditions, after several incidents, potentially affecting future Tesla recalls or regulations.

security autonomous fsd investigation lawsuit
1 source 1 report 4d ago

Anonymous GitHub user releases unpublished zero-days for major software

An anonymous GitHub account has begun releasing previously undisclosed zero-day vulnerabilities in popular software, including Floci and FFmpeg. The account claims to utilize an AI-driven fuzzing workflow and intends to share serious vulnerabilities, impacting software security practices.

security ai github vulnerabilities
1 source 1 report 4d ago

Russian hackers identified as responsible for $2.5B Jaguar Land Rover breach

A cyberattack on Jaguar Land Rover (JLR) last year has been traced to Russian hackers. The breach caused production delays and significant economic losses, prompting a Β£1.5 billion government bailout.

security cybersecurity hack jaguarlandrover russianhackers
1 source 1 report 4d ago

Linux pedit COW Exploit Allows Root Access via Cached Binary Poisoning

A critical flaw in the Linux kernel's traffic-control subsystem allows unprivileged users to gain root access on vulnerable systems. The exploit targets the memory cache of setuid binaries, enabling attackers to inject and execute malicious code while bypassing file integrity checks.

security exploits kernel linux
1 source 2 reports 4d ago

CISA Warns of Exploited Flaws in Lantronix EDS5000 and PTC Windchill

The CISA has issued alerts concerning the exploitation of critical vulnerabilities in Lantronix EDS5000 and PTC Windchill systems. The Lantronix flaw allows code execution with escalated privileges, while the Windchill vulnerability enables remote code execution. Both alerts urge immediate patching to mitigate risks posed by these active threats.

security cisa cybersecurity exploit ptc
1 source 1 report 4d ago

Miasma Malware Compromises npm Packages and GitHub Actions

Researchers identified a supply chain attack involving Miasma malware targeting multiple npm packages and GitHub Actions. The attack compromises developer credentials to propagate malware across various software ecosystems, posing significant security risks.

security github malware npm supply-chain
1 source 1 report 4d ago

Anthropic accuses Alibaba of major cloning attack on Claude model

Anthropic has accused Alibaba of conducting the largest attack to clone its AI model, Claude, by illicitly generating over 28.8 million exchanges. This incident highlights increasing concerns about Chinese firms attempting to evade US AI development costs and the potential impact on US national security.

ai security
1 source 1 report 4d ago

Popular Chrome Ad Blocker Can Execute Arbitrary JavaScript Code

The Chrome ad blocker 'Adblock for YouTube,' with over 10 million installs, has been found to contain functionality for executing arbitrary JavaScript code remotely. This could potentially allow for significant privacy risks, including data theft, although no malicious activity has been reported to date.

security adblock chrome privacy
1 source 1 report 4d ago

New Mistic Backdoor Discovered Linked to KongTuke in Cyber Attack Campaigns

A new backdoor named Mistic has emerged in attacks directed at various sectors, linked to the KongTuke group. The stealthy malware is designed for long-term access, employing sophisticated evasion techniques such as memory-based execution and DLL side-loading, marking a significant threat to targeted organizations.

security cybersecurity malware mistic threats
1 source 1 report 4d ago

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited for Root Access

A zero-day vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20245, has been exploited to gain root access by an unknown threat actor. This flaw, identified by Mandiant, allows an authenticated attacker to execute commands by manipulating user input, raising serious security concerns for affected systems.

security cisco sd-wan vulnerability
1 source 1 report 4d ago

Law Enforcement Disrupts Amadey and StealC Malware Networks, Reclaims 27M Credentials

A law enforcement operation disrupted the Amadey and StealC malware networks, recovering 27 million stolen credentials and restricting over $47 million in criminal cryptocurrency assets. This takedown involved 326 servers and 142 domains and highlights the effectiveness of public and private sector collaboration in combating cybercrime.

security credentials cybercrime law enforcement malware
1 source 1 report 4d ago

Flaws in Cordyceps CI/CD Expose 300+ GitHub Repositories to Cyber Attacks

Researchers identified a CI/CD vulnerability, codenamed Cordyceps, affecting over 300 repositories on GitHub. This flaw allows unauthenticated users to hijack workflows, posing significant risks to the supply chain of major organizations like Microsoft and Google.

security ci/cd github vulnerability
1 source 1 report 4d ago

Emergence of AI Threat Models Marks a New Era in Cybersecurity

The rise of frontier agentic AI models has drastically reduced the time from threat discovery to execution in cybersecurity. This shift poses a significant risk as AI can exploit vulnerabilities faster than human defenders can respond.

security ai cybersecurity threats vulnerabilities
1 source 7 reports 4d ago

Google I/O 2026: Launch of Gemini 3.5 and Gemini Omni Models

At Google I/O 2026, Google announced advancements in AI technology with the introduction of Gemini 3.5 Flash for enhanced coding efficiency and Gemini Omni for multimodal video creation. These innovations reflect a significant surge in AI token processing to 3.2 quadrillion monthly, underscoring growing demand and adoption of AI capabilities.

ai dev gemini general google
3 sources 3 reports 2h ago Updated 1h ago

Meta Introduces $19.99 Subscription for Expanded Smart Glasses Feature Access

Meta has implemented a $19.99 subscription model for its AI glasses, particularly affecting the 'Conversation Focus' feature. Previously free, this feature will now be limited to three hours of monthly use without a subscription, while subscribers will get 15 hours. This move is part of Meta's broader strategy to monetize certain features across its platforms.

ai meta smart glasses subscription augmented-reality
3 sources 3 reports 2h ago Updated 1h ago

ClickFix Malware Exploits Rise in 2025, Leveraging API and Social Media Ads

ClickFix has become a major method of malware delivery in 2025, utilizing deceptive techniques like fake prompts and API-driven servers. Researchers found these attacks often evade detection by exploiting user habits and leveraging social media ads to spread malware disguised as legitimate applications. This growing method underscores the importance of enhancing security awareness and defenses against social engineering tactics.

security malware clickfix api microsoft
3 sources 3 reports 2h ago Updated 1h ago

Meta Develops Cloud Service to Monetize AI Compute Capacity

Meta is reportedly developing a cloud infrastructure service called 'Meta Compute' to monetize its AI compute capacity, putting it in direct competition with cloud giants like AWS and Google Cloud. This strategic move aims to utilize Meta's significant investments in AI infrastructure and offset costs while potentially disrupting the cloud computing industry. It matters because it reflects a broader trend of tech companies leveraging their data center assets to generate additional revenue.

cloud ai startups meta computing
3 sources 3 reports 2h ago Updated 1h ago

FortiBleed Campaign Compromises Fortinet Devices, Linked to Ransomware Groups

The FortiBleed campaign has been connected to the INC and Lynx ransomware groups, compromising credentials from Fortinet devices. Researchers found the operation entailed scanning 11,250 FortiGate portals and compromised 354 targets, leading to 12 ransomware deployments. The breach highlights significant cybersecurity risks, affecting organizations globally.

security ransomware credential-theft fortinet fortibleed
3 sources 3 reports 2h ago Updated 1h ago

CISA Adds Actively Exploited Microsoft SharePoint RCE Vulnerability to KEV Catalog

CISA added CVE-2026-45659, a remote code execution vulnerability in Microsoft SharePoint, to its Known Exploited Vulnerabilities catalog due to active exploitation. The flaw, affecting SharePoint Server Subscription Edition, Server 2019, and Enterprise Server 2016, allows authenticated attackers to execute code without elevated privileges. Federal agencies are required to patch the issue by July 4, 2026.

security microsoft sharepoint vulnerability cisa
3 sources 3 reports 2h ago Updated 1h ago

Apple's 'Hide My Email' Feature Reportedly Exposes Real Email Addresses

A critical vulnerability in Apple's 'Hide My Email' feature reportedly exposes real email addresses, compromising user anonymity. The bug was identified by EasyOptOuts' Tyler Murphy and remains unresolved despite being reported to Apple over a year ago. This issue affects iCloud+ users who rely on the feature for privacy.

security privacy email apple
3 sources 3 reports 2h ago Updated 1h ago

19-Year-Old Extradited to U.S. for Scattered Spider Hacking Charges

Peter Stokes, a 19-year-old with dual U.S. and Estonian citizenship, has been extradited from Finland to face U.S. charges related to the Scattered Spider hacking group. He faces accusations of conspiracy, computer intrusion, and fraud, including a significant breach of a luxury jewelry retailer. This case highlights ongoing efforts to combat organized cybercrime.

security cybercrime hacking law enforcement scattered spider
3 sources 3 reports 2h ago Updated 1h ago

Xbox Tests Disc-to-Digital Feature for Physical Game Collections

Microsoft has started testing a disc-to-digital feature for Xbox, enabling owners to convert Xbox One and Series X/S physical games to digital formats. This comes amid a rise in digital gaming, aligning with industry trends after Sony's decision to halt physical game disc production by 2028.

releases microsoft xbox digital gaming
3 sources 3 reports 2h ago Updated 1h ago

Anthropic Releases Economical AI Model Claude Sonnet 5 for Enhanced Agentic Tasks

Anthropic has unveiled Claude Sonnet 5, an advanced AI model designed for agentic capabilities, available on AWS. This model provides substantial improvements in planning, tool use, and coding over previous versions at a lower cost, aiming to compete with top-tier AI models.

ai releases startups cloud
3 sources 3 reports 2h ago Updated 1h ago

WhatsApp Introduces Usernames for Privacy Amid Impersonation Concerns

WhatsApp is rolling out user-friendly usernames to enhance privacy, removing the need to disclose phone numbers. The feature aims to protect user identities; however, it raises concerns about possible impersonation, especially in India.

security whatsapp privacy usernames messaging
2 sources 2 reports 2h ago Updated 1h ago

Cloudflare to Block Mixed-Use AI Web Crawlers by 2026

Cloudflare will block mixed-use web crawlers from accessing ad-supported sites starting September 15, 2026. This policy aims to give website owners more control over how AI companies use their content, potentially affecting AI models' access to web data.

cloud cloudflare ai web crawlers
More stories β†’