OpenAI Launches Codex Security, 14 Days After Anthropic
OpenAI launches Codex Security in research preview, scanning 1.2M commits and finding 11,353 critical and high-severity vulnerabilities. The AI vulnerability arms race is officially on.
Ai security
Kali Linux's Official MCP Server Has a Textbook Command Injection Vulnerability
A security researcher found that the mcp-kali-server package - shipped in Kali's official repos - interpolates AI-supplied parameters directly into shell commands with shell=True, enabling trivial arbitrary command execution.
Kali Linux Published a Guide Piping Pentest Tools Through Claude's API - Without Mentioning Data Security Once
Kali Linux's new Claude AI integration funnels scan results, target IPs, and discovered vulnerabilities through Anthropic's cloud API, and the guide's only privacy note is a parenthetical shrug.
How to Actually Secure OpenClaw: A Step-by-Step Hardening Guide
OpenClaw ships with authentication disabled and binds to all interfaces. This step-by-step guide covers every hardening measure you need - from authentication and sandboxing to MCP security and network isolation - backed by real CVEs and security research.
Anthropic Says DeepSeek, Moonshot, and MiniMax Ran 24,000 Fake Accounts to Steal Claude's Capabilities
Anthropic accuses three Chinese AI labs of industrial-scale distillation attacks using 24,000 fraudulent accounts and 16 million exchanges with Claude. MiniMax ran the largest operation at 13 million exchanges. None of the three companies have responded.
Microsoft Copilot Spent Two Weeks Reading Confidential Emails It Was Supposed to Ignore
A Microsoft 365 Copilot bug (CW1226324) let the AI summarize emails with sensitivity labels in Sent Items and Drafts, bypassing DLP policies for two weeks. The NHS was affected. It's the second time in eight months.
