msn.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-16.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-16 2026 | OpenAI tells Mac users to update apps after software supply chain attackSupply Chain | OpenAI has urged Mac users to update their applications following a software supply chain attack. Attackers compromised a third-party analytics provider, potentially exposing user data from certain OpenAI applications, including ChatGPT. While OpenAI states that their systems were not directly breached and no sensitive information like conversation history or payment details were compromised, they recommend users update their apps to mitigate any potential risks from this incident. |
| 2026-05-15 2026 | Claude Mythos found decade-old Firefox bugs that years of fuzzing missedFuzzing | Claude Mythos has discovered long-standing bugs in Firefox, some present for a decade, which eluded extensive fuzzing efforts. This highlights limitations in automated testing and the value of manual, in-depth security research. The specific number of bugs or their severity was not detailed in the provided content, nor was any bug bounty payout amount mentioned. |
| 2026-05-15 2026 | OpenAI tells Mac users to update apps after software supply chain attackSupply Chain | OpenAI is advising Mac users to update their applications following a software supply chain attack. The attack targeted a third-party library used by several applications, potentially exposing user data. OpenAI's own ChatGPT desktop app was affected, and they are working with other affected vendors to address the vulnerability. Users are urged to apply any available updates promptly to protect themselves. No specific bounty payout amount was mentioned in the content. |
| 2026-05-15 2026 | OpenAI tells Mac users to update apps after software supply chain attackSupply Chain | OpenAI has alerted Mac users to update their applications following a software supply chain attack. Attackers compromised a third-party data analytics provider used by OpenAI. This allowed them to gain access to customer data, including names, email addresses, and payment information for some users. OpenAI states that it has no evidence of unauthorized access to their main systems or any impact on ChatGPT or other OpenAI products. Users are advised to update their Mac applications as a precautionary measure. |
| 2026-05-14 2026 | DAEMON Tools installers hacked in global supply chain attackSupply Chain | DAEMON Tools installers were compromised in a global supply chain attack. Attackers inserted malicious code into the software's legitimate installers, which were then distributed to users. This allowed the attackers to gain unauthorized access to systems. The exact payout amount for any bug bounty related to this incident is not specified in the provided content. |
| 2026-05-05 2026 | LiteLLM flaw exploited within 36 hours of disclosureAI | A critical flaw in LiteLLM was exploited within 36 hours of its public disclosure. The vulnerability, which allowed for potential data exfiltration, posed a significant risk to users. The rapid exploitation highlights the urgency of patching security vulnerabilities and the swiftness with which malicious actors can leverage disclosed weaknesses. No specific bounty payout amount was mentioned in the provided content. |
| 2026-04-29 2026 | Firefox using advanced AI to find fix browser security flawsAIFuzzing | Firefox is employing advanced AI to proactively identify and address browser security vulnerabilities. This innovative approach aims to streamline the process of finding and patching flaws, enhancing user security. By leveraging AI, Firefox can potentially detect a wider range of issues more efficiently than traditional methods. The goal is to create a more secure browsing experience for all users by staying ahead of potential threats. |
| 2026-04-28 2026 | Experts flag potentially critical security issues at heart of Anthropic MCPAI | Security experts have identified potentially critical vulnerabilities within Anthropic's "MCP" (likely referring to their model or platform). These issues, if exploited, could pose significant risks. The article highlights concerns about the security of Anthropic's core technology. No specific payout amounts for bug bounties were mentioned in the provided content. |
| 2026-04-26 2026 | Anthropic's model context protocol includes a critical remote code execution vulnerabilityAIRCE | A critical remote code execution (RCE) vulnerability has been discovered in Anthropic's model context protocol. This flaw allows attackers to execute arbitrary code on a system through the protocol. The specifics of the vulnerability and its potential impact are detailed in the linked article, but no bug bounty payout amount is mentioned. |
| 2026-04-23 2026 | Anthropic's model context protocol includes a critical remote code execution vulnerabilityAI | Anthropic's model context protocol includes a critical remote code execution vulnerability https://ift.tt/Hfb3ygq |
| 2026-04-23 2026 | Anthropic's model context protocol includes a critical remote code execution vulnerabilityRCE | Anthropic's model context protocol includes a critical remote code execution vulnerability https://ift.tt/uJoCxjU |
| 2026-04-23 2026 | LangChain framework hit by several worrying security issues here's what we knowSQLi | LangChain framework hit by several worrying security issues — here's what we know https://ift.tt/XaO0IvB |
| 2026-04-17 2026 | Securing software supply chain without slowing developmentSupply Chain | Securing software supply chain without slowing development https://ift.tt/5YdRFCM |
| 2026-04-16 2026 | LangChain framework hit by several worrying security issues here's what we knowSQLi | LangChain framework hit by several worrying security issues — here's what we know https://ift.tt/ENiUzLF |
| 2024-09-10 2024 | Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructureSSRF | A critical server-side vulnerability in Microsoft Copilot Studio has been identified, allowing unauthorized access to internal infrastructure. This security flaw poses a significant risk as it could potentially be exploited by malicious actors to gain unauthorized access to sensitive data and compromise the system. Microsoft Copilot Studio users should be vigilant and take immediate action to address this vulnerability to prevent any unauthorized access to their internal infrastructure. |
| 2024-09-07 2024 | Critical server-side vulnerability in Microsoft Copilot Studio gives illegal access to internal infrastructureSSRF | A critical server-side vulnerability in Microsoft Copilot Studio has been identified, allowing unauthorized access to internal infrastructure. This vulnerability poses a significant security risk and requires immediate attention to prevent potential exploitation by malicious actors. Organizations using Microsoft Copilot Studio should take prompt action to address this issue and enhance their security measures to safeguard their systems and data. |