Morning Overview on MSN

An 18-year-old flaw in NGINX just gave attackers remote code execution on millions of web servers — nobody noticed for two decades

For roughly 18 years, a chunk of code inside one of the internet’s most popular web servers quietly carried a critical ...
SecurityWeek

Gogs Zero-Day Exposes Servers to Remote Code Execution

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.
SecurityWeek

Exploit Code Published for Critical Flowise RCE Vulnerability

Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) ...
Geeky Gadgets

LangChain Sandbox Run Untrusted Python Safely for AI Agents

Would you trust an AI agent to run unverified code on your system? For developers and AI practitioners, this question isn’t just hypothetical—it’s a critical challenge. The risks of executing ...
CSOonline

OpenAI patches twin leaks as Codex slips and ChatGPT spills

Command injection in Codex and a hidden outbound channel in ChatGPT exposed risks of credential theft and covert data exfiltration. OpenAI has fixed two flaws in its AI stack that could allow AI ...