69 matches found
What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI
Users increasingly rely on consumer-facing generative AI (GenAI) for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy (S&P) communications in GenAI tools shape users' adoption decisions and subsequent experiences...
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, 19th November 2025, CyberNewsWire...
EUVD-2021-15156
Malware in sbrugna...
EUVD-2017-1401
Malware in sbrugna...
EUVD-2019-18838
Malware in sbrugna...
EUVD-2021-11020
Malware in sbrugna...
EUVD-2021-15137
Malware in sbrugna...
EUVD-2018-12506
Malware in sbrugna...
EUVD-2021-20430
Malware in sbrugna...
EUVD-2021-13242
Malware in sbrugna...
EUVD-2022-6782
Malicious code in bioql PyPI...
EUVD-2024-19116
Malicious code in bioql PyPI...
EUVD-2024-37725
Malicious code in bioql PyPI...
EUVD-2023-32920
Malicious code in bioql PyPI...
AI Agents Need Data Integrity
Think of the Web as a digital territory with its own social contract. In 2014, Tim Berners-Lee called for a "Magna Carta for the Web" to restore the balance of power between individuals and institutions. This mirrors the original charter's purpose: ensuring that those who occupy a territory have ...
Security Benefits and Side Effects of Labeling AI-Generated Images
Generative artificial intelligence is developing rapidly, impacting humans' interaction with information and digital media. It is increasingly used to create deceptively realistic misinformation, so lawmakers have imposed regulations requiring the disclosure of AI-generated content. However, only...
CVE-2019-17635
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must choose to reopen an already parsed heap dump with an untrusted...
SAP Learning Solution Cross-Site Request Forgery Vulnerability
SAP Learning Solution is an enterprise-wide learning management system from SAP. SAP Learning Solution suffers from a cross-site request forgery vulnerability that arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could explo...
CVE-2025-3523 User Interface (UI) Misrepresentation of attachment URL
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...
CVE-2024-12869 Improper Authentication in infiniflow/ragflow
In infiniflow/ragflow version v0.12.0, there is an improper authentication vulnerability that allows a user to view another user's invite list. This can lead to a privacy breach where users' personal or private information, such as email addresses or usernames in the invite list, could be exposed...