Apple update turns Czech mate for locked-out iPhone user
…And if you're wondering "why not enable Face ID in the first place? Biometrics are pretty secure." Well, it's not secure enough for this user, and it wouldn't matter…
Search
Unknown attackers exploit another critical SharePoint bug
…CVE-2026-20963 is a critical deserialization flaw in SharePoint that allows unauthenticated attackers to remotely execute code on the server without any user interaction, and Redmond fixed the issue as part…
Claude Code bypasses safety rule if given too many commands
…Adversa, a security firm based in Tel Aviv, Israel, spotted the issue following the leak of Claude Code's source. Claude Code implements various mechanisms for allowing and denying access to specific…
Microsoft calls time on ASP.NET Core 2.3 on .NET Framework
…when it went out of support, the choice being to revert to 2.1 and fix compatibility issues, or upgrade to run on .NET Core. Microsoft fudged this problem by releasing ASP…
Microsoft's massive Patch Tuesday: It's raining bugs
…It's raining bugs One CVE under attack, one already disclosed by angry bug hunter, and 163 more Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix…
Ancient Excel bug comes out of retirement for active attacks
…execution (RCE) issue that attackers can trigger by convincing victims to open a specially crafted Excel document that "includes a malformed object." Microsoft notified the community and issued a fix for CVE…
Critical Microsoft Excel bug weaponizes Copilot Agent
…Of the eight critical-rated CVEs, two - CVE-2026-26110 and CVE-2026-26113 - are Office remote code execution bugs that can be triggered via the Preview Pane, meaning a user may…
Firefox finds a slew of new bugs with Claude's help
…total, we discovered 14 high-severity bugs and issued 22 CVEs as a result of this work. All of these bugs are now fixed in the latest version of the browser." Anthropic…
Lovable denies data leak, cites 'intentional behavior'
…versus-private-project mess in the first place, and then blaming its bug bounty partner, HackerOne, for its failure to fix the flaw. Users, the startup said, can select a "public" or…
VS Code goes weekly, gets AI autopilot - what could go wrong
…VS Code has always had a rapid release cycle, formerly based on a monthly update which included an "Endgame" week where code was temporarily frozen, tested, and any identified issues fixed before…