Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...
Electrek

Fisker went bankrupt and owners built open source car company from the ashes

After Fisker's bankruptcy left 11,000 Ocean EVs orphaned, a 4,000-member community reverse-engineered software, hacked CAN ...
CNX Software

Anthropic’s open-source Claude Desktop Buddy turns ESP32-S3 devices into interactive AI desk companions

Anthropic has opened its Claude Hardware Interface (Bluetooth API) to developers, enabling an ESP32-S3-based desk companion to connect directly to the Claude desktop app over Bluetooth Low Energy (BLE ...
Microsoft

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

Exposed UIs, weak authentication, and risky defaults could turn cloud-native AI apps on Kubernetes into potential targets by ...
SecurityWeek

TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards. The infamous TeamPCP hacking group that besieged the open source software ecosystem ...
CSOonline

AI agent finds 18-year-old remote code execution flaw in Nginx

An LLM-powered system found 4 security bugs, including a critical one in the web server’s URL rewrite module. Researchers have found a critical vulnerability in the widely used Nginx web server that ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...
SecurityWeek

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Build Application Firewalls (BAFs) are emerging as a new defense against software supply chain attacks by inspecting ...
InfoQ

Implementing the Sidecar Pattern in Microservices-Based ASP.NET Core Applications

Today's applications require monitoring, logging, configuration, etc. Each of these concerns can be implemented as a ...

OpenAI launches new voice intelligence features in its API

The new features could be handy for customer service systems, but OpenAI says they have applications that work across a ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...