🚨 Patch Now: SharePoint Under Attack & Your AI Coding Tool Could Hand Over Your PC
Two of today's biggest security stories share a scary theme: attackers are already inside the door. One targets a tool millions of businesses rely on to share files, the other targets the AI coding assistants developers increasingly trust. Here's what happened and why it matters.
🛠️ SharePoint Is Being Hacked Right Now — Patch Immediately
The U.S. cybersecurity agency CISA just added a serious SharePoint flaw (CVE-2026-45659) to its list of vulnerabilities that criminals are actively exploiting in the wild. In plain English: a bug in Microsoft SharePoint — the software countless companies use to store and share internal documents — lets an attacker run their own commands on the server and potentially take it over.
It affects SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, and it carries a high severity score of 8.8 out of 10. Because SharePoint often holds a company's most sensitive files, a compromise here can be a springboard for stealing data or spreading deeper into a network. If your organization runs SharePoint on its own servers, applying Microsoft's patch should be today's top priority.
💥 Your AI Coding Assistant Could Be Tricked Into Taking Over Your Computer
Researchers at Cato AI Labs uncovered two critical flaws (rated a near-maximum 9.8) in Cursor, one of the most popular AI-powered coding tools. The unsettling part: they're “zero-click,” meaning a developer doesn't have to do anything wrong to get hit. A poisoned web page or a malicious add-on the AI reads could quietly hijack the assistant and take full control of the developer's machine.
This is a preview of a whole new category of risk as companies hand more autonomy to AI “agents” that browse, read, and run code on their own. If that agent can be tricked by booby-trapped content, so can everything it touches. Cursor has shipped fixes in its 3.0 release, so anyone using it should update now — and it's a reminder to be cautious about what data your AI tools are allowed to read and act on.
Stay ahead of threats with GOCO Security at gocosecurity.com.
.jpg)
Comments
Post a Comment