Decrypt

Malicious Web Pages Are Hijacking AI Agents, And Some Are Going After Your PayPal

Google's security team scanned billions of web pages and found real payloads designed to trick AI agents into sending money, ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.

Operant AI Launches CodeInjectionGuard to Defend AI Agents Against Runtime Code Injection Attacks

New capability intercepts and blocks malicious code at the point of execution, closing the critical gap between vulnerability ...
Infosecurity Magazine

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...

US and allies urge ‘careful adoption’ of AI agents

New guidance from a coalition of Western governments underscores the difficult-to-predict risks of still-evolving agentic ...

Prompt Injection Attacks on Apple Intelligence

Two papers presented at the recently concluded RSAC security conference describe novel attack vectors on Apple Intelligence. The corresponding vulnerabilities in the area of so-called prompt ...

KnowBe4 Research Finds 86% of Phishing Attacks are AI Driven

KnowBe4, the global leader in digital workforce security, securing both AI agents and humans, today announced new research, ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

Google Changes Gmail—New Gemini Attack Warning

Google has changed Gmail, expanding Gemini to millions of users — just as it warns that this kind of AI upgrade opens the ...