Security NEXT

APIクライアント生成ツール「Orval」にRCE脆弱性 - 再発で2度の修正

「OpenAPI」や「Swagger」の仕様をもとにAPIクライアントを生成するソフトウェア「Orval」に深刻な脆弱性が判明した。 特定条件下で生成コードに対して任意のJavaScriptコードを注入できる「CVE-2026-25141」が判明したもの。生成されたスクリプトファイルが実行される環境においてリモートから任意のコードを実行されるおそれがある。
Infosecurity Magazine

Vibe-Coded Moltbook Exposes User Data, API Keys and More

Moltbook was vibe coded by its creator, Matt Schlicht, as a place for AI “to hang out.” It has garnered tremendous attention ...
Cyber Daily

New social media for AI agents exposes thousands of email addresses and over a million API ...

A brand new social media platform designed for AI agents to network and chat with each other has reportedly exposed the ...
Analytics Insight

Best API Frameworks of 2026: Choose the Right One for Your Project

API frameworks reduce development time and improve reliability across connected software systemsChoosing the right framework ...
Que.com on MSN

China-linked hackers deploy PeckBirdy JavaScript C2 framework since 2023

Since 2023, multiple security investigations have highlighted a growing trend in which China-linked threat actors increasingly rely on lightweight, stealthy ...

kintoneやGaroon MCPサーバの活用で生成AIとの連携を実現

サイボウズは2025年8月にkintone MCPサーバの提供を開始、Claude ...
The Hacker News

China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023

Experts details PeckBirdy, a JavaScript C2 framework used since 2023 by China-aligned attackers to spread malware via fake ...