Permiso Security has disclosed ChatGPhish, a vulnerability in ChatGPT's web summarisation feature that allows attacker-controlled Markdown payloads embedded in third-party pages to render phishing …
A now-patched vulnerability in Google's agentic IDE Antigravity allowed attackers to achieve arbitrary code execution by injecting malicious flags into the find_by_name tool's Pattern parameter, …
A chained vulnerability in Cursor AI—a widely-used AI-powered code editor—allowed attackers to combine indirect prompt injection with a sandbox escape and the application's built-in remote tunnel …
A researcher has disclosed a novel prompt injection attack technique dubbed 'Comment and Control,' demonstrating that popular AI coding agents — including Claude Code, Gemini CLI, and GitHub Copilot …
Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot were patched after researchers demonstrated that external attackers could exploit them to exfiltrate sensitive user …