Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.

Researchers discover OpenAI Codex vulnerability involving Unicode characters

Hackers can steal your GitHub tokens through OpenAI’s Codex using nothing more than a sneaky branch name ...
The Hacker News

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.
ZDNet

Patch released for Fortinet command injection vulnerability

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...
Yahoo

Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation

Fortinet Technologies Canada office on Oct. 15, 2023, in Nepean, Canada. The cybersecurity company disclosed a customer data breach on Sept. 12, 2024. This story was originally published on ...

OpenAI patches flaw allowing silent data leakage from ChatGPT conversations

What happens when researchers think outside the box? Data gets exfiltrated through DNS.
Bleeping Computer

Critical Rust flaw enables Windows command injection attacks

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. GitHub rated this vulnerability as critical severity with a ...
Bleeping Computer

Latest Command Injection news

Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. Threat actors can exploit a security ...