Prompt injection remains the most effective way to compromise enterprise AI systems because it exploits the fundamental way ...

An agentic coding tool tasked with cloning and setting up a seemingly benign GitHub repository could execute a malicious ...

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.

SentinelOne details Gaslight, a Rust-based macOS implant linked to North Korea-aligned actors that uses prompt injection to ...

Security researcher Nightmare Eclipse has released a new Windows BitLocker bypass, only one day after publishing an exploit targeting Microsoft Defender. Named GreatXML, the fresh exploit allows users ...

The zero-day "nightmare" apparently isn't over for Microsoft, as a disgruntled researcher who's been feuding with the company for the past three months has dropped yet another proof-of-concept (PoC) ...

Exploiting a race condition in Microsoft Defender, the exploit leads to local privilege escalation to SYSTEM. A security researcher has released another zero-day exploit targeting Microsoft’s Windows ...

Update: Added statement from Microsoft to the end of this article. A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two ...

Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code ...