Prompt injection remains the most effective way to compromise enterprise AI systems because it exploits the fundamental way ...
Microsoft disrupted StegoAd, a malicious browser extension campaign affecting up to 2.6 million users. StegoAd used hidden payloads, delayed execution and steganography to evade browser security ...
Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...
Microsoft open-sources RAMPART and Clarity to improve AI agent safety engineering. RAMPART turns red-team findings into repeatable AI safety tests for CI pipelines. Clarity helps developers validate ...
Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches that should be deployed ASAP. Microsoft this week released 139 updates ...
AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities,’ says an incident response manager. A critical hole in Windows Internet ...
AI lets you code at warp speed, but without Agile "safety nets" like pair programming and automated tests, you're just creating technical debt even faster. Generative AI has revolutionized the space ...
Advanced SQL Injection In SQL Applications, Chris Anley (http://www.ngssoftware.com/papers/advanced_sql_injection.pdf) ...
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
Anthropic (ANTHRO) unveiled a new feature called Claude Code Security built into Claude Code on the web. Cybersecurity stocks were in the red on Friday. CrowdStrike (CRWD) and Cloudflare (NET) each ...
A Chinese government hacking group that has been sanctioned for targeting America's critical infrastructure used Google's AI chatbot, Gemini, to auto-analyze vulnerabilities and plan cyberattacks ...