The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
Dark Reading

AI Agents Undermine Progress in Browser Security

Over three decades, the companies behind Web browsers have created a security stack to protect against abuses. Agentic browsers are undoing all that work.

For January, Patch Tuesday starts off with a bang

The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day ...

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

Office workers without AI experience warned to watch for prompt injection attacks - good luck with that Anthropic's tendency ...

The 11 runtime attacks breaking AI security — and how CISOs are stopping them

CrowdStrike's 2025 data shows attackers breach AI systems in 51 seconds. Field CISOs reveal how inference security platforms ...
Dark Reading

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

The indirect prompt injection vulnerability allows an attacker to weaponize Google invites to circumvent privacy controls and ...
Developer Tech

HackerOne framework addresses AI research legal ambiguity

HackerOne has released a new framework designed to provide the necessary legal cover for researchers to interrogate AI systems effectively.
Growth Business

How to use a Web Application Firewall to keep hackers out of your company’s systems

Myra Suggs explains what a Web Application Firewall (WAF) is, why your business needs one and how they're different to other ...
TechCircle

How can CISOs debunk common cloud security misconceptions

The cloud has revolutionised how businesses operate, offering unprecedented scalability, flexibility, and agility. However, many organisations ...
Security Boulevard

Are There IDORs Lurking in Your Code? LLMs Are Finding Critical Business Logic Vulns—and They’re Everywhere

Security teams have always known that insecure direct object references (IDORs) and broken authorization vulnerabilities exist in their codebases. Ask any ...