CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...
Verdict on MSN

Is 'nearly right' AI generated code becoming an enterprise business risk?

Code that might appear correct but actually misses edge cases or generates inaccurate results can trigger outages, faulty ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker ...

Pixel phones are becoming safer via Google's Rust code injection

Android phones like the Pixel devices are already pretty secure, but Pixel modem security has reportedly taken quite the turn ...
SecurityWeek

SAP Patches Critical ABAP Vulnerability

SAP has released 19 new security notes on its April 2026 security patch day, including one that resolves a critical-severity ...

OpenAI CEO Sam Altman addresses Molotov cocktail attack on his home and AI backlash

Questions linger about what motivated the attack against OpenAI's Sam Altman. "We should de-escalate the rhetoric and tactics ...

Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
The Patriot Ledger

New CIS Report Warns Prompt Injection Attacks Pose Growing Risk to Generative AI

This report makes clear that technical prompt injections aren’t a theoretical problem, they’re a real and immediate risk.” — TJ Sayers, Senior Director of Threat Intelligence at CIS CLIFTON PARK, NY, ...