These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...
TechCrunch

Anthropic’s new Cowork tool offers Claude Code without the code

On Monday, Anthropic announced a new tool called Cowork, designed as a more accessible version of Claude Code. Built into the Claude Desktop app, the new tool lets users designate a specific folder ...
Ars Technica

Anthropic launches Cowork, a Claude Code-like for general computing

Anthropic’s agentic tool Claude Code has been an enormous hit with some software developers and hobbyists, and now the company is bringing that modality to more general office work with a new feature ...
Morningstar

CALDOLOR® (IBUPROFEN) INJECTION CMS ISSUED J-CODE NOW ASSOCIATED WITH REIMBURSEMENT PRICE SUPPORTING NON-OPIOID PAIN MANAGEMENT

NASHVILLE, Tenn., Dec. 8, 2025 /PRNewswire/ -- Cumberland Pharmaceuticals Inc. (Nasdaq: CPIX), today announced an important update regarding its Caldolor® (ibuprofen) Injection. The product's ...
TechCrunch

Amazon previews 3 AI agents, including ‘Kiro’ that can code on its own for days

Amazon Web Services on Tuesday announced three new AI agents it calls “frontier agents,” including one designed to learn how you like to work and then operate on its own for days. Each of these agents ...
Frontiers

Enhanced SQL injection detection using chi-square feature selection and machine learning classifiers

Computational and Communication Science and Engineering (CoCSE), The Nelson Mandela African Institution of Science and Technology (NM-AIST), Arusha, Tanzania In the face of increasing cyberattacks, ...
Bleeping Computer

SAP fixes hardcoded credentials flaw in SQL Anywhere Monitor

SAP has released its November security updates that address multiple security vulnerabilities, including a maximum severity flaw in the non-GUI variant of the SQL Anywhere Monitor and a critical code ...
Visual Studio Magazine

Elevate SQL Development with VS Code

As SQL development increasingly becomes part of full-stack workflows, developers are looking for ways to simplify their tooling without compromising capability. While SQL Server Management Studio ...
SecurityWeek

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection

Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. A misconfiguration in the Gerrit collaboration ...
Microsoft

From code to community: The collective effort behind SQL Server 2025

At Build 2025, SQL Server 2025 officially entered public preview. As one of the world’s most popular databases, this release continues a decades-long history of innovation with features made for ...
CSOonline

Brocade Fabric OS flaw could allow code injection attacks

The improper input validation flaw allows attackers with admin access to modify firmware and run arbitrary code on affected SAN environments. A high severity flaw affecting Broadcom’s Brocade Fabric ...