SecurityWeek

38 Vulnerabilities Found in OpenEMR Medical Software

Some of the vulnerabilities discovered by Aisle can be exploited to access and alter sensitive patient information. Dozens of vulnerabilities, including critical issues that can be exploited to steal ...
GitHub

Wapiti - Web Vulnerability Scanner

In order to work correctly, Wapiti needs Python 3.12, 3.13 or 3.14. All Python module dependencies will be installed automatically if you use the setup.py script or pip install wapiti3 See INSTALL.md ...
Infosecurity-magazine.com

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious instructions designed to achieve financial fraud, data destruction, API key ...
Kotaku

Developer Feels ‘Shut Down And Silenced’ After BAFTA Awards Pulled Her Game Over Its Subject Matter [Update]

The Quiet Things is an upcoming narrative game by Silver Script Games that tells an autobiographical story about studio founder Alyx Jones’ experiences with mental health issues and childhood abuse ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

In short:Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each ...
Bleeping Computer

Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The ...
Ars Technica

Pentagon buyer: We’re happy with our launch industry, but payloads are lagging

DALLAS—The Space Force officer tasked with overseeing more than $24 billion in research and development spending says the Pentagon is more interested in supporting startups building new space sensors ...
Dark Reading

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

Researchers have uncovered a prompt injection vulnerability in Google's application ecosystem that allows attackers to gain access to sensitive data via its Gemini generative artificial intellience ...
TechRepublic

Google Gemini Flaw Let Attackers Access Private Calendar Data

Security researchers found a Google Gemini flaw that let hidden instructions in a meeting invite extract private calendar data and create deceptive events. Security researchers have revealed a flaw in ...
Lifehacker

This Free Script Disables Every AI Feature in Windows 11

Tired of all the Microsoft AI slop? You can remove it entirely. Some people love AI. If you're not one of them (or if you have a favorite AI tool that isn't baked into it), using Windows 11 can feel ...