manchurian-agent-poc

Manchurian Candidate Agent POC ⚠️ SECURITY RESEARCH — EDU...

Rapid7 Detection Coverage for Iran-Linked Cyber Activity

The tension arising out of the conflict in Iran is beginning to show signs of expanding beyond a strictly regional crisis. Following our recent published advisories, this communication is intended to outline and summarize the detection and enrichment coverage available to Rapid7 customers, broadl...

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence AI capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to...

CVE-2026-20116

The CVE-2026-20116 entry concerns Cisco’s web-based management interfaces for Cisco Finesse and several Cisco contact center products (Packaged CCE, Unified CCE, Unified CCX, and Unified Intelligence Center). The vulnerability arises from insufficient validation of user-supplied input in the inte...

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

It’s Official: Wiz Joins Google

Welcoming a new era of Cloud and AI Security...

Agent-to-Agent Attacks Are Coming: What API Security Teaches Us About Securing AI Systems

AI systems are no longer just isolated models responding to human prompts. In modern production environments, they are increasingly chained together – delegating tasks, calling tools, and coordinating decisions with limited or no human oversight. Almost all that communication happens through APIs...

The Mistral–Koyeb Deal and the Shift Toward Architectural Maturity in AI

...

Understanding and Reducing AI Risk in Modern Applications

Identify real AI risk by connecting signals in context across the layers of AI applications...

PT-2026-28635

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.1.10 Drupal AI versions 1.2.0 through 1.2.11 Description An incorrect authorization issue exists in Drupal AI Artificial Intelligence that allows for resource injection. The module and certain submodules AI...

Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

The module and certain submodules AI Automators, AI Translate, AI API Explorer, AI Content Suggestions provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the...

Microsoft Graph Advanced Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform advanced intelligence collection in Microsoft 365 environments. The module supports Azure AD application authentication or direct access tokens and enables enumeration of Azure users, SharePoint sites, OneDrive...

PT-2026-24731

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

GO-2026-4641 WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora

WeKnora Vulnerable to Remote Code Execution via SQL Injection Bypass in AI Database Query Tool in github.com/Tencent/WeKnora...

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Artificial Intelligence AI is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" f...

From Shadow Models to Audit-Ready AI Security: A Practical Path with Qualys TotalAI

Key Takeaways AI security demands a paradigm shift, treating models, endpoints, and integrations as dynamic attack surfaces requiring continuous governance. Inventory-driven visibility is foundational to managing AI sprawl, uncovering hidden assets, and aligning security with innovation velocity...

Build Transformative Security with AI-Powered WAF Detections

...

Multilingual AI-Driven Password Strength Estimation with Similarity-Based Detection

Considering the rise of cyberattacks incidents worldwide, the need to ensure stronger passwords is necessary. Developing a password strength meter PSM can help users create stronger passwords when creating an account on an online platform. This research aimed to explore whether incorporating a...

Cybersecurity AI: Hacking Consumer Robots in the AI Era

Is robot cybersecurity broken by AI? Consumer robots -- from autonomous lawnmowers to powered exoskeletons and window cleaners -- are rapidly entering homes and workplaces, yet their security remains rooted in assumptions of specialized attacker expertise. This paper presents evidence that...