Dark Reading

ChatGPT's Memory Feature Supercharges Prompt Injection

That's according to researchers from Radware, who have created a new exploit chain it calls "ZombieAgent," which demonstrates ...

Yes, criminals are using AI to vibe-code malware

"Everybody's asking: Is vibe coding used in malware? And the answer, right now, is very likely yes," Kate Middagh, senior ...
The Register on MSN

OpenAI putting bandaids on bandaids as prompt injection problems keep festering

Happy Groundhog Day! Security researchers at Radware say they've identified several vulnerabilities in OpenAI's ChatGPT ...

ChatGPT falls to new data pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do ...
Opinion

IBM's AI agent Bob easily duped to run malware, researchers show

That's apparently the case with Bob. IBM's documentation, the PromptArmor Threat Intelligence Team explained in a writeup provided to The Register, includes a warning that setting high-risk commands ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...
Cybernews

Got an AI agent on your computer? Assume a breach, security researcher warns

AI coding agents are highly vulnerable to zero-click attacks hidden in simple prompts on websites and repositories, a ...
MIT Technology Review

AI coding is now everywhere. But not everyone is convinced.

Developers are navigating confusing gaps between expectation and reality. So are the rest of us. Depending who you ask, AI-powered coding is either giving software developers an unprecedented ...
Microsoft

‘Vibe coding’ and other ways AI is changing who can build apps and how

Doher Drizzle Pablo was drowning in travel receipts. After her company transferred her to Sweden from the Philippines last year, she’d started visiting clients in at least two countries a month, and ...
Ars Technica

Claude Code gets a web version—but it’s the new sandboxing that really matters

Anthropic has added web and mobile interfaces for Claude Code, its immensely popular command-line interface (CLI) agentic AI coding tool. The web interface appears to be well-baked at launch, but the ...
IEEE

Mitigating NoSQL Injection Vulnerabilities: Techniques, Examples, and Best Practices

Abstract: NoSQL injection is a security vulnerability that allows attackers to interfere with an application’s queries to a NoSQL database. Such attacks can result in bypassing authentication ...
Bleeping Computer

Critical SAP S/4HANA vulnerability now exploited in attacks

A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. The flaw, tracked as CVE-2025-42957, is an ABAP code ...