'LeakyLooker' flaws let hackers gain access to user information in Google Looker Studio

Nine bugs were found in Google's Looker Studio which could have allowed outside access.
Hosted on MSN

Another worrying WordPress plugin security flaw could put 250,000 websites at risk

Ally WordPress plugin carried SQL injection flaw (CVE-2026-2413) Vulnerability left ~246,600 sites exposed to data theft Fixed in version 4.1.0; WordPress urges immediate updates A popular WordPress ...
SecurityWeek

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.
SecurityWeek

Critical N8n Vulnerabilities Allowed Server Takeover

Two critical-severity n8n vulnerabilities could have led to unauthenticated remote code execution, sandbox escape, and credential theft.
The Hacker News

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More

ThreatsDay: OAuth abuse, Signal hijacks, Zombie ZIP evasion, Teams malware, AI hack, RondoDox botnet, and more cyber stories.
Microsoft

Detecting and analyzing prompt abuse in AI tools

Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.