Category: Cybersecurity News
-
AI Companion Apps Expose Private Data of 400K+ Users
Two AI companion applications have left hundreds of thousands of users’ intimate conversations and personal media completely exposed online, according to security researchers at Cybernews who discovered the vulnerability in late August. The apps in question, Chattee Chat and GiMe Chat, gained popularity, with one of them, Chattee, ranking among the top 150 entertainment apps…
-
Critical Security Flaw Found in Figma MCP Server Package
A security vulnerability has been discovered in figma-developer-mcp, a popular Model Context Protocol (MCP) server for Figma integrations. The flaw allows attackers to execute arbitrary system commands on affected servers, earning it a “high severity” rating from GitHub’s security team. The issue stems from improper handling of user input in the package’s get_figma_data tool. Developers…
-
Google’s DeepMind Unveils CodeMender, An AI Agent Enhancing Software Security
DeepMind, Google’s AI research organization, has introduced CodeMender, an AI-driven system designed to automatically identify and repair security vulnerabilities in software code. This development aims to assist developers in maintaining more secure and resilient software by automating critical aspects of vulnerability detection and patching. Software vulnerabilities remain one of the most pressing concerns in cybersecurity.…
-
Oracle Issues Security Notice for Critical Vulnerability in E-Business Suite
Oracle has announced a security alert regarding a serious vulnerability (CVE-2025-61882) affecting certain versions of its E-Business Suite. The flaw allows attackers to remotely execute malicious code on targeted systems without needing any authentication, representing a significant security risk. The vulnerability exists within the BI Publisher component of the Oracle E-Business Suite, affecting versions 12.2.3…
-
Critical Redis Scripting Vulnerability Could Allow Remote Code Execution
A critical security vulnerability has been discovered in Redis that could allow remote code execution through a crafted Lua script. Identified as CVE-2025-49844, the flaw has received a CVSS score of 10.0, the highest possible rating, reflecting both its severity and potential impact. The vulnerability was responsibly disclosed by researchers at Wiz and Trend Micro’s…
-
Discord Discloses Security Breach Through Third-Party Support Provider
Discord has disclosed a recent security incident involving one of its third-party customer service vendors. While Discord’s core platform remains unaffected, the breach exposed user data from a limited number of individuals who had previously contacted the company’s Customer Support or Trust & Safety teams. According to Discord’s official statement, the attacker did not breach…
-
Signal Launches New Protocol for Post-Quantum Secure Messaging
Signal, the non-profit behind one of the world’s most widely used secure messaging protocols, has unveiled the Triple Ratchet, a major upgrade which introduces post-quantum cryptography into everyday encrypted communications. The new system aims to protect users not only from current threats, but also from those posed by future quantum computers. Sparse Post-Quantum Ratchet (SPQR)…