A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal ...
With the ability to take control of distributed devices at scale, HalluSquatting has the potential to achieve various ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could ...
Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
JadePuffer exploited a vulnerable Langflow server, harvested credentials, moved laterally, and encrypted more than 1,300 ...
Indirect prompt injection attacks are now draining cryptocurrency from AI agents in production. Zscaler ThreatLabz documented ...