Dark Reading

Patch Now: Critical Flaw in OT Robot OS Gives Attackers Control

An attacker can exploit the command injection flaw to gain remote access to robotic systems, causing significant disruption ...
Bleeping Computer

New Mirai botnet infect TBK DVR devices via command injection flaw

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under ...

Ubiquiti patches three max severity UniFi OS vulnerabilities

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
CSOonline

Chaos-Mesh flaws put Kubernetes clusters at risk of full takeover

Four newly discovered vulnerabilities in the fault simulation platform can lead to OS command injection and cluster takeover, even from unprivileged pods. Researchers have found critical ...
来自MSN

Worrying Figma MCP security flaw could let hackers execute code remotely - here's how to ...

CVE-2025-53967 allows remote code execution via figma-developer-mpc command injection flaw Vulnerability stems from unvalidated input passed to shell commands using child_process.exec Users should ...
SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
来自MSN

OpenAI patches flaw allowing silent data leakage from ChatGPT conversations

Check Point Research found ChatGPT flaw enabling silent data exfiltration via DNS abuse and prompt injection Vulnerability allowed attackers to bypass guardrails and steal sensitive user data through ...