Cursor AI code editor faces unpatched vulnerability enabling code execution, adding to a string of critical RCE flaws ...
A prompt injection attack can trick GitHub’s preview Agentic Workflows into retrieving content from private repositories and ...
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and ...
AI Now’s Friendly Fire PoC shows Claude Code and Codex running README-planted payloads on hosts when autonomous command ...
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit, ...
GitHub Copilot security review launched in the desktop app July 14, giving all subscribers — Free tier included — AI-driven ...
Researchers show HalluSquatting can make AI coding agents fetch fake repositories or skills and run attacker-supplied code.
Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
A seemingly harmless PNG image could fool AI coding assistants into exposing sensitive data, according to new security ...
Ghostcommit hides prompts in PNG images to make AI coding agents leak secrets. Claude Code refused the attack in every test.
Researchers at the AI Now Institute developed a proof-of-concept exploit showing common AI tools used for security could ...
New Annual AI Security Report 2026 documents live intrusions run by AI, a vulnerability window compressed from days to hours, ...