Vibe-Coded Web Apps Are Leaking Sensitive Data, RedAccess Finds
RedAccess found more than 5,000 vibe-coded web apps exposing sensitive corporate and personal data through weak authentication, WIRED reports.
Security
One Trust Click Can Expose Claude Code to Remote Code Execution, Researchers Say
Adversa AI says a TrustFall proof of concept uses MCP project settings to turn Claude Code's trust prompt into remote code execution risk for developers.
Palo Alto Zero-Day Gives State-Backed Hackers Root Access Before Patch
Palo Alto Networks says state-backed hackers are exploiting an unpatched PAN-OS zero-day to gain root access on internet-exposed firewalls now.
Mozilla Details How Anthropic Mythos Found 271 Firefox Security Bugs
Mozilla says Anthropic Mythos helped uncover 271 Firefox security bugs by using an agentic harness built around browser testing and fuzzing tools.
Canvas outage turns Instructure’s breach into a public ransom showdown
Canvas went offline after ShinyHunters defaced school login pages, escalating Instructure’s student-data breach into a live extortion threat.