A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

Vendor says vulns are linked with 2 mystery open source libraries integrated into EPMM product Australia's intelligence agency is warning organizations about several new Ivanti zero-days chained for ...

Ivanti warned customers today to patch their Ivanti Endpoint Manager Mobile (EPMM) software against two security vulnerabilities chained in attacks to gain remote code execution. "Ivanti has released ...

GitHub has disclosed a critical remote code execution flaw, CVE-2026-3854, exploitable via a single git push, and a popular PyPI package tied to GitHub Actions was hacked to deliver malware. Both ...

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.

Hackers are exploiting yet another vulnerability in one of Ivanti’s widely used enterprise products, the U.S. government’s cybersecurity agency CISA warned in a fresh alert this week. The remote code ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down ...