Bleeping Computer

Counter-Strike 2 HTML injection bug exposes players’ IP addresses

Valve has reportedly fixed an HTML injection flaw in CS2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe ...
Hosted on MSN

Robinhood phishing exploit used Gmail alias and HTML injection

Robinhood confirmed a phishing campaign that exploited its account creation process and Gmail’s dot alias feature to send convincing fake security alerts from its official email address. Attackers ...
Dark Reading

GitLab's AI Assistant Opened Devs to Code Theft

An indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant could have allowed attackers to steal source code, direct victims to malicious websites, and more. In fact, ...

Oracle issues out-of-band warning about critical PeopleSoft code injection flaw

Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.