The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...

Attackers have begun backdooring internet-exposed Ivanti Sentry appliances, the nonprofit security watchdog Shadowserver confirmed on June 11, 2026 — less than 48 hours after patches and a public ...

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...

Analyzing SEC 10-K filings reveals that while CISOs handle cybersecurity under the CIO, companies rely on the NIST framework to address growing AI and supply chain risks. In 2023, the Securities and ...

Researchers say current AI agents fail to consistently resist prompt injection attacks, exposing enterprises to failures that ...

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...

Even with Lockdown Mode, ChatGPT could be still vulnerable to prompt injections, but the goal is to reduce the likelihood ...

OpenAI has announced more robust security features for the small set of users who might need them.