The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...

If you are a CIO or CISO evaluating an agentic AI platform, ask the same questions you would ask about any enterprise ...

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.

A prompt injection flaw in Google’s Antigravity IDE turns a file search tool into a remote code execution vector, bypassing ...

SMS blasters, npm supply chain hits, and unpatched Windows flaws. Stay ahead of new phishing kits and exposed servers.

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...

A zero-day vulnerability exists in FortiClient EMS, which attackers are already exploiting in the wild. This allows them to inject and execute malicious code without prior authentication. Fortinet ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The ...

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. Identified as ...

Fortinet deployed an emergency patch for yet another zero-day vulnerability that has been exploited in the wild. On Saturday, Fortinet disclosed CVE-2026-35616, which it described as an improper ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who have found exploitable instances in many commercial services and open-source ...