Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

Prompt injection remains the most effective way to compromise enterprise AI systems because it exploits the fundamental way ...

New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available

Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
The Hacker News

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Attackers are exploiting three Fortinet FortiSandbox flaws, including one patched last week, risking auth bypass and command ...
CNET

Hackers Conned a Chatbot to Hijack 20,000 Instagram Accounts

Joe is a freelance journalist. It all started with a long-running affection for building his own PCs, which he did for the first time as a teenager. It evolved into a lifelong enjoyment of putting ...
MIT Technology Review

The Meta hack shows there’s more to AI security than Mythos

Some AI cybersecurity threats are incredibly simple. They’re still dangerous. On June 5, 404 Media reported that attackers had been using Meta’s AI customer support agent to steal Instagram accounts.

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, bypassing traditional security measures. Meta quickly patched the ...
Morning Overview on MSN

Cybersecurity researchers just found that ChatGPT implicitly trusts the Markdown links around it — and hackers are already exploiting that trust for phishing

Picture this: you paste a link into ChatGPT and ask for a summary. The model obliges, returning a clean, confident breakdown of the page’s contents. What it doesn’t tell you is that it just followed a ...
Fox News

Major cruise line hack exposes sensitive data of nearly 6 million travelers

Carnival Corporation, the world’s largest cruise company, announced it is offering some U.S. travelers two years of free credit monitoring after a data breach leaked the personal information of nearly ...
Dark Reading

AI-Assisted Exploit Development Outpaces Scanner Detection

Attackers have reduced the time to develop an exploit for a known vulnerability from 125 days to a mere half a day, thanks to the use of AI-assisted development, leaving vulnerability scanners ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...