Google Zero-Day Alert For 3.5 Billion Chrome Users—Attacks Underway

Google has confirmed an emergency Chrome security update amid reports that attackers are exploiting two zero-day vulnerabilities.
The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

CNCERT warns OpenClaw AI agent has weak defaults enabling prompt injection and data leaks, prompting China to restrict use on government systems.

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...
Security Boulevard

When Proxies Become Attack Vectors Through Header Injection

This assumption breaks down because HTTP RFC flexibility allows different servers to interpret the same header field in fundamentally different ways, creating exploitable gaps that attackers are ...
The Hacker News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.
Cybernews

AI agents are too easy to fool, with websites now littered with hidden “system override” commands

Don’t act surprised when your AI agent starts printing millions of pages of cabbages, deletes an entire system partition, or sends your life savings to fraudsters – they’re just being helpful.

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule ...
IEEE

IDAT: An Impact-Driven Adaptive Threshold for Detecting False Data Injection Attacks on Wind Turbines

Abstract: The increasing deployment of wind power systems has raised concerns about their vulnerability to cyberattacks due to remote locations and insecure communication protocols. False data ...
Search Engine Roundtable

Microsoft Thwarts AI Prompt Injection Attacks Aimed To Manipulate AI Engines

Microsoft has implemented and continues to deploy mitigations against prompt injection attacks in Copilot, the company announced last week. Spammers were using the "Summarize with AI" type of buttons ...
The New York Times

Iran Could Direct Proxies to Attack U.S. Targets Abroad, Officials Warn

Security officials are monitoring increasingly worrisome signs as President Trump considers another military campaign against Iran. By Eric Schmitt Reporting from Washington U.S. and other Western ...
Biometric Companies

Biometric injection attacks, AI-powered fake IDs move the fraud prevention goalposts

Biometrics has advanced as a field to the extent that matching selfies and detecting simplistic spoofs are largely considered solved problems, yet fraud rates continue to rise. The top stories of the ...