How Vulnerable Are AI Agents to Indirect Prompt Injections? Insights from a Large-Scale Public Competition
LLM-based agents are increasingly deployed in high-stakes settings where they process external data sources such as emails, documents, and code repositories. This creates exposure to indirect prompt injection attacks, where adversarial instructions embedded in external content manipulate agent...
PT-2026-25640
A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Such manipulation leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
TrendAI™ Supports Global Law Enforcement Efforts
Learn how TrendAI™ and our researchers contributed threat intelligence and analysis to support INTERPOL against cybercrime...
HCL AION Security Vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by attackers to affect the traceability of user activities...
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security risks stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent. In a post shared on WeChat, CNCERT...
Mining the YARA Ecosystem: From Ad-Hoc Sharing to Data-Driven Threat Intelligence
YARA has established itself as the de facto standard for "Detection as Code," enabling analysts and DevSecOps practitioners to define signatures for malware identification across the software supply chain. Despite its pervasive use, the open-source YARA ecosystem remains characterized by ad-hoc...
CVE-2026-26133
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Academia and the “AI Brain Drain”
In 2025, Google, Amazon, Microsoft and Meta collectively spent US$380 billion on building artificial-intelligence tools. That number is expected to surge still higher this year, to $650 billion, to fund the building of physical infrastructure, such as data centers (see go.nature.com/3lzf79q)...
AI in Vulnerability Discovery: A Call for Human Oversight and Caution
...
AK47
License badge: https://img.shields.io/github/license/99999G/AK47?lab...
Cisco Unified Intelligence Center XSS (cisco-sa-cc-xss-MrNAH5Jh)
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An...
Ransomware and Artificial Intelligence: A Comprehensive Systematic Review of Reviews
This study provides a comprehensive synthesis of Artificial Intelligence (AI), especially Machine Learning (ML) and Deep Learning (DL), in ransomware defense. Using a "review of reviews" methodology based on PRISMA, this paper gathers insights on how AI is transforming ransomware detection, prevention,...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 2, 2026 to March 8, 2026)
Last week, there were 199 vulnerabilities disclosed in 84 WordPress Plugins and 107 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 59 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...
RSAC 2026: Tag in a Partner for the AI Security Showdown
Legacy security wasn't built for autonomous AI. See how Akamai partners are stepping into the ring to build trust and secure the agentic enterprise...
Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat...
Detecting and analyzing prompt abuse in AI tools
This second post in our AI Application Security series is all about moving from planning to practice. AI Application Series 1: Security considerations when adopting AI tools established how AI adoption expands the attack surface and our threat-modelling guidance on the Microsoft security blog...
The CISO’s Dilemma: How To Scale AI Securely
Your board wants AI. Your developers are building with it. Your budget committee is asking for an ROI timeline. But as CISO, you're the one who has to answer when the inevitable question comes up: "How do we know this is secure?" If you're like most security leaders, you're caught between two...
A Bootiful Podcast: Spring Messaging Legend Soby Chacko
Hi, Spring fans! In this installment, we talk with the legendary Soby Chacko about Apache Kafka, Spring AI, and much more! apachekafka kafka...
Multiple Microsoft Products Security Vulnerability
Microsoft Excel is a product of the American company Microsoft. Microsoft Excel is a spreadsheet processing software within the Office suite. Microsoft Edge is a web browser that comes with systems running Windows 10 and later versions. Microsoft Word is a word processing software within the Offi...
claude-code-pentest
claude-code-pentest 6 Claude Code skills that automate th...