Bleeping Computer

Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...
The Hacker News

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

SAP Patch Day: NetWeaver vulnerability allows code injection

In March, SAP addresses partly critical security vulnerabilities in various products in 15 advisories. Admins must act.

Chrome emergency update: Two attacked code-injection vulnerabilities patched

Google released an emergency update for Chrome on Friday night. It patches two security vulnerabilities that were attacked on the internet.