Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security ...
InfoWorld

Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs

Update to the latest version and monitor for unexpected .git directories in non-repository folders, developers are told.
Infosecurity Magazine

Prompt Injection Bugs Found in Official Anthropic Git MCP Server

MCP is an open standard introduced by Anthropic in November 2024 to allow AI assistants to interact with tools such as ...
The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
Bleeping Computer

Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The ...
CSO Online

Google Gemini flaw exposes new AI prompt injection risks for enterprises

A calendar-based prompt injection technique exposes how generative AI systems can be manipulated through trusted enterprise ...
Dark Reading

Vulnerabilities Threaten to Break Chainlit AI Framework

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.
Berkman Klein Center

Why AI Keeps Falling for Prompt Injection Attacks

Bruce Schneier and Barath Raghavan explore why LLMs struggle with context and judgment and, consequently, are vulnerable to ...
The Hacker News

Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas

A critical Grist-Core flaw (CVE-2026-24002, CVSS 9.1) allows remote code execution through malicious formulas when Pyodide ...

Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities

Both platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity.