Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden ...

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

A redesigned cancer immunotherapy is showing striking early results after decades of disappointment with similar drugs. Researchers engineered a more powerful CD40 agonist antibody and changed how ...

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

Jab brought ‘unprecedentedly strong responses’ in patients whose disease had become resistant to chemotherapy and immunotherapy Doctors have hailed “unprecedented” trial results that show a ...

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...

A truly bizarre situation on Motorola phones has led to the software hijacking the Amazon app to inject an affiliate code – even on the $1,900 Razr Fold. Our original coverage follows below. The shady ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...