Microsoft

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...
Android

The Notification Trap: How a Text on WhatsApp Could Have Controlled Your Phone's AI

Security firm SafeBreach discovered a significant prompt injection flaw in Android’s Google Gemini that allowed malicious notifications from apps like WhatsApp or Slack to hijack the assistant. By ...
Opinion
HackadayOpinion

This Week In Security: Messing With AI, 7Zip And Notepad++ Vulnerabilities, HTTP2 Bomb, And More

With the rise of AI coding assistants continuing apparently unabated, some project maintainers have begun striking back. Ars Technica reports on projects putting hostile directions into the ...