FFmpeg fixes PixelSmash flaw in widely used video decoder

A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under ...
The Hacker News

âš¡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
Bleeping Computer

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers. The tool is highly ...
The Hacker News

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla. Of these, 14 have been classified as high, seven have ...
Security Boulevard

SonarQube Agentic Analysis: Verify AI code as it is generated

AI coding agents like Cursor and Claude Code have fundamentally changed how software is being developed. While these assistants generate code at high speeds, they often lack the specific context of ...
Dark Reading

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Google has fixed a high-severity flaw in its implementation of Gemini AI in the Chrome browser that could have allowed attackers to escalate privileges, violate user privacy while browsing, and access ...
InfoWorld

Is AI killing open source?

Open source has never been about a sprawling community of contributors. Not in the way we’ve imagined it, anyway. Most of the software we all depend on is maintained by a tiny core of people, often ...
theregister

n8n security woes roll on as new critical flaws bypass December fix

Multiple newly disclosed bugs in the popular workflow automation tool n8n could allow attackers to hijack servers, steal credentials, and quietly disrupt AI-driven business processes. The ...
CSOonline

AI-powered bug hunting shakes up bounty industry — for better or worse

AI-powered bug hunting has changed the calculus of what makes for an effective bounty program by accelerating vulnerability discovery — and subjecting code maintainers to ballooning volumes of AI flaw ...
GitHub

Movie Picture Stitching - Eagle Plugin

BREAKING CHANGES (v2.0.0): The UI has been fully rewritten to use Bootstrap 5 and a modular CSS/token system. This is a breaking release: customization that targets previous DOM selectors or CSS ...
PCQuest

Cross site scripting decoded how hackers turn a browser bug into a full scale breach

Cross-Site Scripting (XSS) attacks are often misunderstood as harmless glitches that display alerts in the browser, while in actuality they are one of the most powerful and malicious vulnerabilities ...