A remote prompt injection flaw in GitLab Duo allowed attackers to steal private source code and inject malicious HTML. GitLab has since patched the issue. A newly disclosed vulnerability in GitLab Duo ...

Microsoft assigned CVE-2026-21520, a CVSS 7.5 indirect prompt injection vulnerability, to Copilot Studio. Capsule Security discovered the flaw, coordinated disclosure with Microsoft, and the patch was ...

The emergence of generative artificial intelligence services has produced a steady increase in what is typically referred to as “prompt injection” hacks, manipulating large language models through ...

"Prompt injection" on AI platforms is the new frontier of social engineering, writes ANNA COLLARD, SVP of content strategy and CISO advisor at KnowBe4 Africa.

A new report out today from network security company Tenable Holdings Inc. details three significant flaws that were found in Google LLC’s Gemini artificial intelligence suite that highlight the risks ...

AI coding tool flaws highlight the need for data-layer governance, access controls, encryption, and audit logs for AI agents.

A month after OpenAI introduced a program enabling users to create customized ChatGPT programs easily, a Northwestern University research team claims to have found a "significant security ...

A recent AI security panel featuring experts from OWASP, Microsoft, UnixGuy and TryHackMe explored why organizations must ...

As South African businesses increasingly deploy AI agents across HR, finance and supply-chain operations, cybersecurity experts are warning that a new threat is emerging: prompt injection attacks that ...

A security researcher, working with colleagues at Johns Hopkins University, opened a GitHub pull request, typed a malicious instruction into the PR title, and watched Anthropic’s Claude Code Security ...

Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt injection and create misleading events to leak private Calendar data. Check ...

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...