1134 matches found
CVE-2025-9111
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress plugin AI ChatBot for WordPress 安全漏洞
WordPress AI ChatBot for WordPress plugin is an Artificial Intelligence ChatBot plugin designed for WordPress websites, which is mainly used to provide 24/7 automated customer service support, generate leads, collect user information and other features. The WordPress AI ChatBot for WordPress plug...
PT-2025-36577
Name of the Vulnerable Software and Affected Versions: AI ChatBot for WordPress plugin versions prior to 7.1.0 Description: The AI ChatBot for WordPress plugin does not sanitise and escape some of its settings. This could allow high-privilege users, such as administrators, to perform Stored...
AI in Government
Just a few months after Elon Musk's retreat from his unofficial role leading the Department of Government Efficiency DOGE, we have a clearer picture of his vision of government powered by artificial intelligence, and it has a lot more to do with consolidating power than benefitting the public. Ev...
ICE Has Spyware Now
Plus: An AI chatbot system is linked to a widespread hack, details emerge of a US plan to plant a spy device in North Korea, your job’s security training isn’t working, and more...
WordPress Ai Engine plugin <= 2.9.5 - Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability
Missing Authorization to Unauthenticated Uploaded Files Disclosure And Deletion vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions = 2.9.5...
Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations
Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authentication tokens...
Chatbots, APIs, and the Hidden Risks Inside Your Application Stack
What happens when a legacy application quietly slips under the radar and ends up at the center of a security incident involving AI and APIs? For one global organization, this scenario played out in real time when an unusual chatbot behavior sparked a closer look into their recruitment platform,...
Malicious code in cld-ai-chatbot-web (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47807a9125d00d52f4b02cf9742fdd7efd42b3b9cc93d5091594127fa5c9771c Any computer that has this package installed or running should be considered...
MAL-2025-41375 Malicious code in cld-ai-chatbot-web (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 47807a9125d00d52f4b02cf9742fdd7efd42b3b9cc93d5091594127fa5c9771c Any computer that has this package installed or running should be considered...
Malicious code in mongodb-chatbot-eval (npm)
The package mongodb-chatbot-eval was found to contain malicious code...
MAL-2025-26635 Malicious code in mongodb-chatbot-eval (npm)
The package mongodb-chatbot-eval was found to contain malicious code...
WordPress AI Engine plugin 2.9.3-2.9.4 - Authenticated (Subscriber+) Arbitrary File Upload
Authenticated Subscriber+ Arbitrary File Upload vulnerability discovered by ISMAILSHADOW in WordPress Plugin AI Engine versions 2.9.3-2.9.4...
A week in security (July 21 – July 27)
A list of topics we covered in the week of July 21 to July 27 of 2025 Last week on Malwarebytes Labs: Steam games abused to deliver malware once again Watch out: Instagram users targeted in novel phishing campaign Age verification: Child protection or privacy risk? iPhone vs. Android: iPhone user...
SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...
A week in security (July 14 – July 20)
Last week on Malwarebytes Labs: Meta execs pay the pain away with $8 billion privacy settlement Adoption agency leaks over a million records Meta AI chatbot bug could have allowed anyone to see private conversations WeTransfer walks back clause that said it would train AI on your files Chrome fix...
Hackers Are Finding New Ways to Hide Malware in DNS Records
Newly published research shows that the domain name system—a fundamental part of the web—can be exploited to hide malicious code and prompt injection attacks against chatbots...
McDonald’s AI bot spills data on job applicants
McDonald's has outsourced the initial stages of its hiring process to an AI chatbot which seems to have been built without proper security measures. Security researchers managed to extract personal information about McDonald's job applicants by simply guessing a username and the password “12345.”...
PT-2025-28323 · WordPress · Ai Engine
Name of the Vulnerable Software and Affected Versions: The AI Engine plugin for WordPress versions up to, and including, 2.8.4 Description: The issue is related to Stored Cross-Site Scripting via the id parameter in the mwai chatbot shortcode. This is due to insufficient input sanitization and...
TuneShield: Mitigating Toxicity in Conversational AI While Fine-Tuning on Untrusted Data
Recent advances in foundation models, such as LLMs, have revolutionized conversational AI. Chatbots are increasingly being developed by customizing LLMs on specific conversational datasets. However, mitigating toxicity during this customization, especially when dealing with untrusted training dat...