Tag: ai
-
Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments
Comment and Control prompt injection vulnerabilities have been discovered in AI agents, including Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent. The research, spearheaded by Aonan Guan and Johns Hopkins University researchers, highlights critical architectural flaws in how these AI tools process untrusted user input within GitHub workflows. The Architecture of Comment and…
-
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
Tags: access, ai, attack, breach, credentials, cybersecurity, exploit, identity, supply-chain, threat, zero-day
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn’t changed: stolen credentials. Identity-based attacks remain a dominant initial access vector in breaches today. Attackers obtain valid credentials through credential stuffing First seen on thehackernews.com Jump…
-
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. “The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated,” ESET security researcher Lukáš…
-
The US NSA is using Anthropic’s Claude Mythos despite supply chain risk
Axios reports that the National Security Agency uses Anthropic’s Mythos model despite Department of Defense concerns, blurring the line between AI risk and AI defense. The reported use of Anthropic’s Mythos model by the U.S. National Security Agency is a reminder that the line between AI as a defensive tool and AI as a security risk is getting harder…
-
Sophos red team simulates a hacker attack with the AI agent OpenClaw
The experiment impressively shows how profoundly AI is changing cybersecurity. Not as a distant vision, but as a tool that already accelerates processes today. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-red-team-simuliert-hackerangriff-mit-ki-agenten-openclaw/a44713/
-
Undetected for 13 years: AI-discovered flaw endangers thousands of servers
Hackers are exploiting a dangerous security vulnerability in Apache ActiveMQ that was discovered with the help of AI. Admins in Germany should also take action. First seen on golem.de Jump to article: www.golem.de/news/deutschland-auf-platz-4-tausende-apache-activemq-instanzen-sind-angreifbar-2604-207808.html
-
Germany in fourth place: thousands of ActiveMQ servers are vulnerable
Hackers are exploiting a dangerous security vulnerability in Apache ActiveMQ that was tracked down with the help of AI. Admins in Germany should also take action. First seen on golem.de Jump to article: www.golem.de/news/deutschland-auf-platz-4-tausende-apache-activemq-instanzen-sind-angreifbar-2604-207808.html
-
Finance leaders still lack minimum rules for AI use
According to a new study, almost half of the self-described AI pioneers in finance lack the basic governance needed to scale AI safely. Instead of a uniform level of maturity, six different stages of implementation emerge, with clear weaknesses in rules or data. The study makes clear that it is not AI performance but a lack of controllability that is holding back progress. Almost half… First seen…
-
Why identity is the driving force behind digital transformation
Who they are and what they are up to. The project they are working on. Which environment should they use? Using this information, the system can determine which resource someone needs, when they need it and how to use it. The principle behind it is ‘never trust, always verify’. With it, errors that normally occur are reduced, less…
-
Immutable backup storage solutions: the ideal defense against AI-powered attacks
First seen on security-insider.de Jump to article: www.security-insider.de/die-ideale-verteidigung-gegen-ki-gestuetzte-angriffe-a-0feda47f8aab3b849c42f92823dd19ce/
-
AI on the computer: Claude desktop app installs a backdoor without asking
A privacy advocate discovered the entry in the browser only by chance. In theory, it could be used for attacks. First seen on golem.de Jump to article: www.golem.de/news/ki-auf-dem-computer-claude-desktop-app-installiert-ungefragt-backdoor-2604-207804.html
-
AI as the new nuclear weapons: Palantir’s bizarre political manifesto
Tags: ai
How do the bosses of surveillance firm Palantir think? Their 22 theses contain troubling ideas, including on how to deal with post-war Germany. First seen on golem.de Jump to article: www.golem.de/news/ki-als-neue-atomwaffen-das-bizarre-politik-manifest-von-palantir-2604-207786.html
-
KnowBe4 sends a clear signal with ISO/IEC 42001
Tags: ai
KnowBe4 stands for a fundamental understanding of AI as a technology that must be not only powerful but also responsibly designed. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/knowbe4-setzt-mit-iso-iec-42001-ein-klares-zeichen/a44711/
-
AI-Driven Exploitation Could Shrink Defenders’ Patch Window
AI-powered cyberattacks are entering a new phase, with frontier AI models now capable of autonomously discovering and exploiting software vulnerabilities at unprecedented speed. Unit 42’s hands-on testing reveals that modern AI models are no longer just coding assistants. Instead, they demonstrate the reasoning ability of full-spectrum security researchers. According to recent findings from Unit 42,…
-
Five reasons against isolated endpoint protection: why EDR fails in the age of AI attacks
First seen on security-insider.de Jump to article: www.security-insider.de/edr-endpunktschutz-ki-angriffe-versagt-a-e39cd1af1cadfeed156d38788e57ea67/
-
Researchers build an encrypted routing layer for private AI inference
Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/securerouter-encrypted-ai-inference/
-
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the platform before November 2025. According to a detailed public disclosure by security researcher…
-
AI job scams are booming and I was fooled by one. Here is how to avoid them
Fraudsters are using the promise of fake roles to trick job-seekers out of money, personal information or both, and with the help of AI they are more convincing than ever. But there are ways to spot them. There were clues from the start that it was too good to be true. A headhunter emailed me with…
-
ML-Based Anomaly Detection for Post-Quantum Metadata Exfiltration
Learn how ML-based anomaly detection stops metadata exfiltration in post-quantum AI environments and secures MCP infrastructure against advanced threats. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ml-based-anomaly-detection-for-post-quantum-metadata-exfiltration/
-
AI-Powered Risk Registers vs. Traditional Risk Management: What’s the Difference?
Key Takeaways It’s surprising that traditional risk registers (spreadsheets or basic databases) persist in a world racing toward AI-infused technology. But the stats speak for themselves: 59% of GRC practitioners use no commercial tool, with 52% spending 30-50% of their time on admin tasks like data entry. Although reliable for basic checklists, traditional risk registers are…
-
Singapore pushes for global standard to test generative AI
The proposed standard aims to ensure trustworthy AI by standardising benchmarking and red teaming methodologies, as IMDA’s chief urges faster action on global rules First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641943/Singapore-pushes-for-global-standard-to-test-generative-AI
-
Vercel Employee’s AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, are the new attack surface, the new lateral movement, a researcher noted. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/vercel-employees-ai-tool-access-data-breach
-
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/
-
What Enterprise ‘AI Leaders’ Are Doing Right
KPMG Survey Finds Organizations Must Transform Ops to Scale AI. A new KPMG survey shows that while most enterprises have an AI strategy, only a small fraction are seeing real ROI. Enterprises getting it right are embedding AI into operations, governance and workforce development from the start. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/what-enterprise-ai-leaders-are-doing-right-a-31466
-
Health AI Firm Faces Lawsuits Over DNA Data Use, Disclosure
Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos. A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say. First seen…
-
The FTC’s AI portfolio is about to get bigger
The commission is preparing to enforce key parts of a new law against sexual deepfakes and searching for ways to block AI-driven scamming using voice clones. First seen on cyberscoop.com Jump to article: cyberscoop.com/ftc-ai-portolio-getting-bigger-take-it-down-voice-cloning/
-
[un]prompted 2026 Rob T. Lee, Glenn Thorpe, Dan Hubbard, Sergej Epp Vibe Coded (Micro-Talks)
Tags: ai
Author, Creator & Presenter: Rob T. Lee, Glenn Thorpe, Dan Hubbard & Sergej Epp Our thanks to [un]prompted for publishing their Creators, Authors and Presenters’ outstanding [un]prompted 2026 AI Security Practitioner content on the Organization’s YouTube Channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-rob-t-lee-glenn-thorpe-dan-hubbard-sergej-epp-vibe-coded-micro-talks/
-
The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment
The MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift toward data-layer governance. The post The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-mcp-ai-security-vulnerability-data-layer-governance/
-
Your AI Agents Should Be Getting Their Credentials from a PAM Vault
The rise of AI agents has created a problem that most security teams have not yet fully reckoned with. Developers are building agents that automate tasks, retrieve information, and take action on behalf of users. Those agents need credentials to do their jobs. And right now, in countless organizations, those credentials are being hardcoded into…