The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.
CSOonline

OpenAI says Codex Security found 11,000 high-impact bugs in a month

The new AI-driven AppSec tool reportedly uncovered hundreds of critical flaws and thousands of high-severity issues during early testing. OpenAI’s new AppSec agent, Codex Security, has already flagged ...
WFAA8

Arlington Mayor Jim Ross discusses the inaugural Java House Grand Prix, looks ahead to next year

Mayor Jim Ross said the Java House Grand Prix of Arlington generated business across North Texas. Ross said the event also put the city on a global stage.
The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.
GitHub

h1_idor_scanner.py

python3 h1_idor_scanner.py --token-a TOKEN_A --token-b TOKEN_B --report-id REPORT_ID python3 h1_idor_scanner.py --token-a TOKEN_A --token-b TOKEN_B --report-id REPORT_ID --user-id USER_ID --program ...