Android mental health apps with 14.7M installs filled with security flaws

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.
The Hacker News

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and 5.0.0–5.0.10.
The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
Infosecurity Magazine

Researchers Reveal Six New OpenClaw Vulnerabilities

OpenClaw has patched six new vulnerabilities in its popular agentic AI assistant, covering server-side request forgery (SSRF) ...