Hackers exploit file upload bug in Breeze Cache WordPress plugin

Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading ...

How indirect prompt injection attacks on AI work - and 6 ways to shut them down

Cybercriminals are tricking AI into leaking your data, executing code, and sending you to malicious sites. Here's how.

OpenClaw-Based AI Agents Exposing 28,000 Systems to Hackers, Research Finds

New research reveals that AI agents—like OpenClaw—are exposing thousands of systems to hackers, posing notable security risks ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
Tom's Hardware on MSN

Anthropic's model context protocol includes a critical remote code execution vulnerability

A design choice in the MCP SDKs allows remote code execution across the AI supply chain.
SecurityWeek

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity’s increasing popularity has brought the development platform into the crosshairs of researchers and ...

Thousands of OpenClaw AI control panels found accessible via the public internet

A surge in AI agent adoption is exposing critical systems online ...
CSO Online

Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure

Remote terminal units, PLCs, PoS systems, and bedside patient monitors may be susceptible to remote code execution, ...
Decrypt

Google Fixes AI Coding Tool Flaw That Let Attackers Execute Malicious Code: Report

Researchers say a prompt injection bug in Google's Antigravity AI coding tool could have let attackers run commands, despite ...
Dark Reading

Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk

The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...