Bleeping Computer

Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe ...
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
TechRepublic

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’

GitLab Vulnerability ‘Highlights the Double-Edged Nature of AI Assistants’ Your email has been sent A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and ...
Hosted on MSN

Robinhood phishing exploit used Gmail alias and HTML injection

Robinhood confirmed a phishing campaign that exploited its account creation process and Gmail’s dot alias feature to send convincing fake security alerts from its official email address. Attackers ...
Dark Reading

Vulnerabilities Discovered In Twitter, Google Calendar

Cross-site scripting (XSS) vulnerabilities in Twitter and Google Calendar could be used to steal cookies and session IDs, according to a security researcher. Nir Goldshlager, a researcher with Avnet ...