Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker ...
Yahoo Finance

Mimecast Introduces Runtime Data Security for Visibility and Control of Growing AI Risk

LEXINGTON, Mass., March 24, 2026 (GLOBE NEWSWIRE)-- Mimecast, the global cybersecurity leader in securing human and AI risk, today announced a major expansion of its Incydrâ„¢ offering with data ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...
InfoWorld

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional authentication is incapable of securing AI agents, the company says, as it announces Access Intelligence.
Microsoft

Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Threat actors are abusing external Microsoft Teams collaboration to impersonate IT helpdesk staff and convince users to grant ...
Chiang Rai Times

Adapting Security for Intelligent Cloud Apps in 2026

Traditional security setups focus on walls around your network. They block outsiders at the gate. But intelligent cloud apps run AI and ML ...
SecurityWeek

GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data

GrafanaGhost, a weakness in Grafana, allows attackers to leak enterprise data via indirect prompts hidden in external resources.
Bleeping Computer

LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and ...
DataBreachToday

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.