WARPTECHNEWS · LAB

Home AI Business Tech Archive

WARPTECH LAB NEWS

Warptech Lab News aggrega le notizie più rilevanti da oltre 700 fonti internazionali, con classificazione AI, TL;DR sintetici e timeline cluster su singole storie.

Navigazione

Home
Archivio
Editor's Brief
Cerca
Il tuo account
Newsletter tech/AI

Informazioni legali

Privacy Policy
Termini di servizio
Cookie Policy

© 2026 Sparktech S.R.L. — Tutti i diritti riservati. Sito gestito e manutenuto da Sparktech S.R.L.

Sede legale: Corso Libertà 55, 13100 Vercelli (VC), Italia · P.IVA / C.F. 02835910023 · Contatti: admin@warptechlab.com

I found a COMMAND_INJECTION in a 25k ⭐ AI coding assistant (in 3 seconds)

Last week I scanned serena — a popular AI coding assistant with 25k ⭐. [BLOCK] COMMAND_INJECTION ...

lunedì 22 giugno 2026 New tab

236 words~1 min read

Last week I scanned serena — a popular AI coding assistant with 25k ⭐.

[BLOCK] COMMAND_INJECTION agent.py:1222

subprocess.Popen(cmd, shell=True)

→ config value → arbitrary shell execution

Enter fullscreen mode

Other newsrooms on this story

· 2 sources

Full timeline →

venturebeat.com·Jun 19, 2026 · 5 g fa
AI agent framework flaws hit 7,000 servers | VentureBeat
thenextweb.com·Jun 23, 2026 · 1 g fa
A fake AI agent skill passed every security scanner and reportedly reached 26,000 agents

Related reading

Agentjacking: How AI Coding Agents Get Hijacked Through Their Own Tool Pipeline

Your AI coding agent can read files, run shell commands, and call external APIs. That's also the...

dev.to·11 g fa

What I found when I security-scanned 10 AI-built apps (and how to check yours…

AI coding agents — Lovable, bolt.new, Cursor, Replit — have made it possible for anyone to ship a...

dev.to·3 g fa

Agentjacking: AI Coding Agents Tricked Into Running Malicious Code via Sentry…

TL;DR what: Attackers inject crafted markdown into Sentry error events that AI coding...

dev.to·12 g fa

Three prompt injection stories from this week that your guardrail probably…

A new CVE against Cursor, a LiteLLM supply-chain backdoor, and a study showing image-only injection...

dev.to·11 g fa

I shipped 35 bugs in my AI chatbot. The scariest one was on the output side.

I ran my own AI chatbot plugin through a security review before release, and it came back with 35...

dev.to·9 g fa

My AI Agent Found a Bug in Its Own System

I spent two semesters building an AI agent that runs penetration tests. For the non-hackers in the...

dev.to·18 g fa