#Security

All Claude tiers jailbroken: AFL attack and the structural failure of constitutional safety

A security researcher bypassed Claude Opus 4.6's policy evaluation with just four short prompts, generating attack code against live infrastructure. Plus 915 files exfiltrated from the sandbox.

axios maintainer explains North Korean UNC1069's social engineering playbook: fake Slack invite, then a Teams call that delivered a RAT

The axios postmortem from maintainer Jason Saayman lays out the full social-engineering chain: a fake company Slack workspace, a fake Teams meeting, and a RAT that took over the machine. 2FA and OIDC were both bypassed.

UAT-10608 used React2Shell to steal credentials from 766 Next.js hosts

Cisco Talos tracked UAT-10608 exploiting CVE-2025-55182 (React2Shell) to compromise 766 Next.js hosts and automatically collect DB credentials, SSH keys, and AWS/Stripe/GitHub tokens.

OpenClaw's SSH sandbox can be escaped through a symlink, CVSS 8.8

A symlink validation bug in OpenClaw's SSH sandbox sync path lets an AI agent read or write arbitrary local files outside the sandbox. GHSA-fv94-qvg8-xqpw, CVSS 8.8.

Cloudflare's serverless CMS EmDash is now in beta as a WordPress successor

A full-stack serverless CMS built on Astro 6.0, EmDash tries to solve WordPress's long-running plugin security problem with V8-isolate plugin sandboxing.

Chrome 146's Dawn use-after-free is the fourth Chrome zero-day exploited in the wild in 2026

CVE-2026-5281, a UAF in Dawn, the WebGPU implementation used by Chrome, was confirmed in-the-wild. Update to Chrome 146.0.7680.177/178 immediately.

Adobe Creative Cloud is rewriting the hosts file without permission

Adobe CC's WAM component silently adds a detect-ccd.creativecloud.adobe.com entry to the Windows hosts file and uses it to detect installations from the browser. A breakdown of the mechanism and the broader pattern of major software taking control away from the OS and the user.

Claude Code full source exposed via npm; OpenAI Codex token-theft flaw disclosed at the same time

A summary of how source maps bundled in the Claude Code npm package made over 510k lines of TypeScript visible, and how a branch-name command injection in OpenAI Codex could have allowed theft of GitHub tokens.

Cloudflare opens Client-Side Security's GNN+LLM detection to everyone and cuts false positives by 200x

Cloudflare added a two-stage GNN+LLM cascade to its client-side malicious script detection, reducing false positives per unique script from 1.39% to 0.007% and opening the formerly paid Advanced features to self-serve customers.

Axios with 100 million weekly downloads was hijacked by npm and a cross-platform RAT was launched

A fake dependency plain-crypto-js was injected into axios 1.14.1 and 0.30.4 to install a RAT dropper via a postinstall hook. Complete attack chain from maintainer account compromise to C2 communication and self-deletion.

Two cases of unauthenticated RCE and RCE via XSS, over 220,000 instances exposed in OpenCode

CVE-2026-22812 (CVSS 8.8) and CVE-2026-22813 (CVSS 9.4) were disclosed in the open source AI coding agent "OpenCode". Shell commands are executed via XSS of an unauthenticated HTTP server and Markdown renderer. The PoC has been published, with over 220,000 instances exposed online.

Russian state-backed group TA446 launches spear-phishing attack with DarkSword iOS exploit kit

FSB-affiliated attack group TA446 adopted the DarkSword iOS exploit kit leaked on GitHub to distribute GHOSTBLADE malware through spear phishing disguised as the Atlantic Council. Targets include Russian dissidents, government and educational institutions.