Browsing Tag
Vulnerability
1601 posts
PromptFiction Flaw Auto-Submitted Hidden Prompts in Claude Desktop
A one-click Claude Desktop flaw allowed attackers to submit concealed instructions without review, exposing chats and enabling code execution on some systems remotely.
July 15, 2026
Microsoft’s July 2026 Patch Tuesday fixes 622 flaws and 2 exploited zero-days
Microsoft’s July 2026 Patch Tuesday fixes 622 CVEs, including exploited AD FS and SharePoint flaws, plus the disclosed BitLocker bypass requiring urgent action.
July 15, 2026
Upwind Finds Coordinated Supply Chain Campaign Compromising Multiple AsyncAPI npm Packages
Upwind links compromised AsyncAPI npm packages to a coordinated supply chain attack spanning repositories, publishing pipelines, and developer systems at risk.
July 14, 2026
AI Gateway Connected to Amazon Bedrock Hijacked for Cryptomining
Darktrace says a LiteLLM AI gateway linked to Amazon Bedrock was compromised for cryptomining after signs of exposed SSH activity.
July 9, 2026
UNK_MassTraction Exploits Roundcube Flaws Against US, Canadian Universities
China-linked UNK_MassTraction targets US and Canadian universities through Roundcube flaws, stealing sessions and opening access to research mail servers.
July 8, 2026
GitLost: GitHub’s AI Agent Tricked Into Leaking Private Repository Data
Noma Labs details GitLost, a prompt injection flaw that made GitHub's AI agent expose private repo data through a crafted public issue and guardrail failures.
July 7, 2026
Sysdig Details JADEPUFFER, the First Documented Agentic Ransomware Operation
A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.
July 2, 2026
New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs
EvilTokens phishing hides takeover clues until browser execution leaving SOC teams needing deeper visibility to validate threats faster and reduce account risk.
June 30, 2026
212 New Venezuela Earthquake Domains Prompt Donation Scam Warnings
Researchers spotted 212 new domains registered after Venezuela's earthquake, warning donors of donation scam risks and urging them to verify relief sites first.
June 29, 2026
macOS Flaw Allowed Standard Users to Disable CrowdStrike and Kandji Security Tools
A macOS XPC flaw let regular users disable CrowdStrike and Kandji tools, exposing security gaps that vendors patched after XM Cyber reported the security issue.
June 26, 2026