CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

GrafanaGhost: The AI That Leaked Everything Without Being Hacked

A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why ...

Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute ...
MUO on MSN

Yes, you can get malware just by visiting a website

It's not even your browser's fault.

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
SecurityWeek

Google DeepMind Researchers Map Web Attacks Against AI Agents

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...
News Medical

Wegovy® (semaglutide injection) 2.4 mg recommended by NICE to reduce risk of major adverse cardiovascular events, including heart attacks and strokes, in adults with ...

NICE has recommended Wegovy ® (semaglutide injection) 2.4 mg as the first GLP-1 RA to reduce the risk of major adverse cardiovascular events (cardiovascular death, non-fatal myocardial infarction, or ...
The Post-Crescent

New CIS Report Warns Prompt Injection Attacks Pose Growing Risk to Generative AI

This report makes clear that technical prompt injections aren’t a theoretical problem, they’re a real and immediate risk.” — TJ Sayers, Senior Director of Threat Intelligence at CIS CLIFTON PARK, NY, ...