CISA flags critical Microsoft SCCM flaw as exploited in attacks

CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager ...

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

From prompt injection to deepfake fraud, security researchers say several flaws have no known fix. Here's what to know about them.

Google says hackers are abusing Gemini AI for all attacks stages

Google Threat Intelligence Group (GTIG) has published a new report warning about AI model extraction/distillation attacks, in ...
GitHub

MSSQL Commandline Post-Exploitation Toolkit

A fully featured command line tool for post-exploitation operations on Microsoft SQL Server instances. Provides RCE (Remote Code Execution), privilege escalation, persistence, evasion, and cleanup ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
TechCrunch

Anthropic’s new Cowork tool offers Claude Code without the code

On Monday, Anthropic announced a new tool called Cowork, designed as a more accessible version of Claude Code. Built into the Claude Desktop app, the new tool lets users designate a specific folder ...
Ars Technica

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do something bad. The platform introduces a guardrail that stops the attack from ...
Dark Reading

ChatGPT's Memory Feature Supercharges Prompt Injection

Some of the latest, best features of ChatGPT can be twisted to make indirect prompt injection (IPI) attacks more severe than they ever were before. That's according to researchers from Radware, who ...
Fox News

OpenAI admits AI browsers face unsolvable prompt attacks

Cybercriminals don't always need malware or exploits to break into systems anymore. Sometimes, they just need the right words in the right place. OpenAI is now openly acknowledging that reality. The ...
The New York Times

Trump’s Attack on Venezuela Is Illegal and Unwise

The editorial board is a group of opinion journalists whose views are informed by expertise, research, debate and certain longstanding values. It is separate from the newsroom. Over the past few ...
ZDNet

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

OpenAI built an "automated attacker" to test Atlas' defenses. The qualities that make agents useful also make them vulnerable. AI security will be a game of cat and mouse for a long time. OpenAI is ...
Forbes

‘It May Be Worse’—No Fix For New Google Chrome Attacks

Welcome to the future — but be careful. “Billions of people trust Chrome to keep them safe,” Google says, adding that "the primary new threat facing all agentic browsers is indirect prompt injection.” ...