Security experts flag multiple issues in Claude Code, warning

An AI assistant can quickly turn into a malicious insider, so be careful with permissions.
TechJuice

Researchers Claim Malicious Repositories Turn Claude Code Into an Ideal Hacker’s Tool

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.
ZDNet

23andMe and JFrog partner to solve code injection vulnerability

Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...
SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.

Terra Security Finds Widespread Exploitable Flaws in AI-Driven Applications, Copilots, and AI-Generated Code

After months of real-world testing of AI copilots, chat interfaces, and AI-generated apps, Terra Security releases a new module for continuous AI Penetration Testing to match AI development velocity ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
Infosecurity Magazine

Microsoft Fixes Six Zero Day Vulnerability in February Patch Tuesday

CVE-2026-21525 is a denial-of-service vulnerability affecting the Windows Remote Access Connection Manager. “Exploitation is local, requires no privileges, and does not rely on user interaction,” ...