Tag
Security researchers have identified a technique where terminal emulators can execute arbitrary commands when users drag and drop text containing shell commands, creating a potential social engineering attack vector.
Critical command injection vulnerabilities (CVE-2026-35022, CVSS 9.8) discovered in Anthropic's Claude Code CLI and SDK allow attackers to execute arbitrary commands and steal credentials through environment variables, file paths, and authentication helpers. The flaws enable poisoned pipeline execution attacks in CI/CD environments, requiring immediate patching and configuration changes.
This paper presents a systematic security assessment of the Unitree G1 humanoid robot, revealing critical vulnerabilities including BLE provisioning protocol exploits, hardcoded AES keys, and a resident Cybersecurity AI agent capable of exfiltration and offensive operations, arguing for adaptive CAI-powered defenses as humanoids enter critical infrastructure.