SecurityWeek

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.
Techlomedia

Critical SQL Injection Vulnerability Found in Elementor Ally WordPress Plugin, Over 250,000 Sites Still at Risk

A serious security vulnerability has been discovered in the Ally plugin for WordPress. The flaw could allow attackers to ...

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...
Security Boulevard

LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

Tenable Research revealed "LeakyLooker," a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services ...

AI vs AI: Agent hacked McKinsey's chatbot and gained full read-write access in just two hours

Researchers at red-team security startup CodeWall say their AI agent hacked McKinsey's internal AI platform and gained full read and write access to the chatbot in just two hours. It's yet another ...
The Hacker News

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

SafeLine self-hosted WAF blocks SaaS bot abuse with 99.45% accuracy, cutting fake sign-ups and stabilizing CPU usage.

SafePrompt Launches Prompt Injection Protection API for AI Developers

Developer-first security tool blocks AI manipulation attacks in under 100 milliseconds with a single API call Our goal ...
CNN

New judicial ethics code says judges may speak out against ‘illegitimate’ attacks

Newly released ethics guidance for the federal judiciary makes clear that judges can speak out against “illegitimate forms of criticism and attacks.” The guidance comes as judges have been targeted ...
NBC New York

Arrest made in 2021 Long Island acid attack that left woman with severe burns: Sources

After nearly five long years, an arrest was made in the 2021 acid attack that left a Long Island woman with severe burns on her face when she was ambushed outside her home by an unknown assailant, law ...
VentureBeat

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to ...
World Socialist Web Site

India’s Labour Code “reform”: A savage attack on worker rights

To further intensify the super-exploitation of India’s working class by domestic and foreign capital, the far-right Bharatiya Janata Party (BJP)-led central government has enacted sweeping changes to ...