The rise of AI coding assistants has simplified developer workflows, but a recent discovery shows those conveniences can carry serious risk. Researchers at BeyondTrust found a critical command-injection vulnerability in OpenAI Codex that could be exploited to steal GitHub access tokens. The flaw demonstrates how an overlooked parsing detail — a branch name passed into a container setup script —
Critical RCE in Ninja Forms File Upload Exposes ~50,000 WordPress Sites
A recently disclosed vulnerability in the popular Ninja Forms “File Upload” addon has placed roughly 50,000 WordPress sites at risk of full takeover. Tracked as CVE-2026-0740 and carrying a CVSS score of 9.8, the flaw allows unauthenticated arbitrary file uploads — a straightforward path to remote code execution (RCE) for attackers. Site owners who rely on the affected plugin must
Microsoft fixes Classic Outlook bug that blocked some email sends
Microsoft has rolled out a server-side fix for a recent Classic Outlook problem that prevented some users from sending messages through Outlook.com. The issue caused non-delivery warnings and error codes for affected accounts, and the company says the change has been in production as of April 3, 2026. What happened: Some Classic Outlook users received non-delivery reports (NDRs) with error
Researcher Publishes Windows Defender 0-Day ‘BlueHammer’ LPE Proof‑of‑Concept
A security researcher using the handle Chaotic Eclipse has publicly released a working proof‑of‑concept for a Windows zero‑day local privilege escalation (LPE) exploit called “BlueHammer.” The disclosure, accompanied by full source code on GitHub, was confirmed as functional by vulnerability researcher Will Dormann and demonstrates that a low‑privileged local user can escalate to NT AUTHORITY\SYSTEM on affected machines. The release
Microsoft removes Support and Recovery Assistant from Windows — what it means
Microsoft has removed the Support and Recovery Assistant (SaRA) from Windows, according to recent reports. Once a handy troubleshooting companion for Office and other Microsoft products, SaRA helped users diagnose and fix a variety of common issues. Its absence changes the options available to end users and IT teams when problems arise, but there are practical alternatives and steps you
LinkedIn’s BrowserGate: Scanning Visitors for 6,236 Chrome Extensions and Device Data
A recent security analysis has raised alarms about how LinkedIn inspects the browsers of people who visit its site. Researchers at Fairlinked e.V. published what they call the “BrowserGate” report, and independent testing by BleepingComputer corroborated many of the findings: LinkedIn appears to inject client-side JavaScript that probes visitors’ browsers for thousands of Chrome extensions and collects a range of





