LIVE FEED
Writer AI Session Token Leak Enables Account Takeover

Writer AI Session Token Leak Enables Account Takeover

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 The Hacker News

A critical vulnerability dubbed WriteOut in the Writer enterprise AI platform allowed attackers to hijack victim session tokens across organisational boundaries using a malicious agent preview link. The flaw exploited Writer's live preview sandbox, which incorrectly forwarded authenticated session cookies into attacker-controlled execution environments. Writer has patched the issue by isolating sandbox origins and stripping session cookies from preview requests.

AI Browser Extensions 60% Riskier Than Standard Tools

AI Browser Extensions 60% Riskier Than Standard Tools

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 The Hacker News

A LayerX report reveals that AI browser extensions represent a largely unmonitored attack surface in enterprise environments, with 1-in-6 enterprise users already running at least one AI extension. These extensions are statistically riskier than standard extensions — 60% more likely to carry a CVE, 3x more likely to access cookies, and capable of exfiltrating sensitive data without triggering DLP or SaaS monitoring controls. The finding highlights a critical governance gap in AI consumption channels that bypasses traditional enterprise security tooling.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.