39C3: Security researcher hijacks AI coding assistants with prompt injection

At 39C3, Johann Rehberger showed how easily AI coding assistants can be hijacked. Many vulnerabilities have been fixed, but ...
Dark Reading

GitHub: How Code Provenance Can Prevent Supply Chain Attacks

GARTNER SECURITY & RISK MANAGEMENT SUMMIT — Washington, DC — Having awareness and provenance of where the code you use comes from can be a boon to prevent supply chain attacks, according to GitHub's ...

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

OpenAI says prompt injections will always be a risk for AI browsers with agentic capabilities, like Atlas. But the firm is ...
Security Boulevard

Best of 2025: Google Gemini AI Flaw Could Lead to Gmail Compromise, Phishing

Researchers discovered a security flaw in Google's Gemini AI chatbot that could put the 2 billion Gmail users in danger of being victims of an indirect prompt injection attack, which could lead to ...
CRN

ConnectWise ScreenConnect Vulnerability Exploited: CISA

The ConnectWise ScreenConnect vulnerability, which earlier this year was identified as a potential way for threat actors to perform ViewState code injection attacks, is now being exploited, according ...

Your AI browser can be hijacked by prompt injection, OpenAI just patched Atlas

OpenAI says it has patched ChatGPT Atlas after internal red teaming found new prompt injection attacks that can hijack AI ...

OpenAI admits prompt injection is here to stay as enterprises lag on defenses

OpenAI confirms prompt injection can't be fully solved. VentureBeat survey finds only 34.7% of enterprises have deployed ...
Redmond Magazine

Microsoft Warns of ViewState Code Injection Attacks Using Publicly Disclosed Machine Keys

Microsoft Threat Intelligence has identified a limited attack campaign leveraging publicly available ASP.NET machine keys to conduct ViewState code injection attacks. The attacks, first observed late ...
Hosted on MSN

Your AI Browser May Be Vulnerable to 'Prompt Injection' Attacks

Did you know you can customize Google to filter out garbage? Take these steps for better search results, including adding Lifehacker as a preferred source for tech news. AI continues to take over more ...
Nature

Secure Software Execution and Code Reuse Attacks

Secure software execution has become a critical concern as modern computing systems, ranging from embedded devices to enterprise platforms, face increasingly sophisticated adversaries. Recent studies ...
Bleeping Computer

Microsoft says attackers use exposed ASP.NET keys to deploy malware

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. As Microsoft Threat Intelligence experts recently discovered, ...
Bleeping Computer

Microsoft to secure Entra ID sign-ins from script injection attacks

Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened ...