Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...
United States Army

The Cross-Domain Contact Layer: Army Advances Multi-Domain Command-Pacific Following Successful Operational Experiment

HONOLULU— The U.S. Army is moving forward with the establishment of Multi-DomainCommand-Pacific (MDC-PAC) following a ...

SAP Patchday: Critical vulnerabilities allow unauthorized login

SAP addresses 15 new security vulnerabilities in May. Two are considered critical and allow unauthorized login or SQL ...

Can peptide injections help people recover from injuries? Here’s what you need to know

The internet is awash with claims about injectable peptides for fitness, but there’s almost no human research showing they ...

One command turns any open-source repo into an AI agent backdoor. OpenClaw proved no supply-chain scanner has a detection category for it

CLI-Anything generates SKILL.md files that AI agents trust and execute. Snyk found 13.4% of agent skills contain critical ...

ProFTPD: Code injection via mod_sql possible

The FTP server ProFTPD includes a module called mod_sql. It contains an SQL injection vulnerability that can ultimately lead to the execution of injected code.
Cybernews

Expect more prompt injection attacks on your AI agent, Google warns

Google warns prompt injection attacks are 32% up as hackers target GitHub Copilot, Claude and AI agents with $5,000 PayPal ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal — and don't — about agent runtime protection.
SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
Women's Health

Which Is Better: The Weight Loss Pill or Injection?

While GLP-1 weight loss meds have been a mainstay in pop culture for a few years now, they're potentially about to get even more widespread. Formerly only available as an injection, Wegovy recently ...