The campaign spans npm, Packagist, Go, and Chrome, using obfuscated JavaScript loaders and VS Code tasks to deliver malware.
The DuneSlide vulnerabilities enable zero-click prompt injection attacks that escape Cursor's sandbox and execute arbitrary code on the underlying operating system.
Sysdig says JADEPUFFER used CVE-2025-3248 in Langflow to automate intrusion, credential theft, encryption, and data wipe.
Mozilla 0DIN’s Claude Code demo shows how clean GitHub repos can expose AI coding agents to prompt injection, reverse shells, ...
As enterprises rapidly embrace multimodal AI capable of understanding both text and images, security researchers are discovering that these powerful new capabilities introduce equally sophisticated ...
Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) ...
AI Impact tracks Wall Street’s AI oversight, DXC’s agent build, AI shopping checkout and India’s place in the AI trade.
Cisco SD-WAN zero-day CVE-2026-20245 was exploited months before disclosure: Mandiant reveals how a malicious CSV file ...
Official inference code for ONE-SHOT: Compositional Human-Environment Video Synthesis via Spatial-Decoupled Motion Injection and Hybrid Context Integration. ONE-SHOT is a parameter-efficient framework ...
When you are connecting your company’s internal data to Large Language models through RAG, APIs, SQL, etc., are you sure that it is completely safe? There might be contracts signed with the LLM ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results