The Hacker News

Open VSX Bug Let Malicious VS Code Extensions Bypass Pre-Publish Security Checks

Open VSX bug misread scanner failures as clean results, letting malicious VS Code extensions go live before patch in v0.32.0.
Neowin

Microsoft Weekly: Serious bug cripples Windows 11 drive C and details about the next Xbox

A serious Windows 11 bug cripples PCs, Microsoft shares details about the next Xbox, and other stories in this week's Microsoft Weekly recap. A big Windows 11 bug is hitting Samsung users hard, ...
CSOonline

OpenAI says Codex Security found 11,000 high-impact bugs in a month

The new AI-driven AppSec tool reportedly uncovered hundreds of critical flaws and thousands of high-severity issues during early testing. OpenAI’s new AppSec agent, Codex Security, has already flagged ...
WFAA8

Arlington Mayor Jim Ross discusses the inaugural Java House Grand Prix, looks ahead to next year

Mayor Jim Ross said the Java House Grand Prix of Arlington generated business across North Texas. Ross said the event also put the city on a global stage.
GitHub

./Nyx — Bug Bounty Recon Extension

Nyx is not on the Chrome Web Store. Load it manually as an unpacked extension. This tool is intended for authorized security testing and bug bounty programs only. Do not use against systems you do not ...
The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.
GitHub

h1_idor_scanner.py

python3 h1_idor_scanner.py --token-a TOKEN_A --token-b TOKEN_B --report-id REPORT_ID python3 h1_idor_scanner.py --token-a TOKEN_A --token-b TOKEN_B --report-id REPORT_ID --user-id USER_ID --program ...