Tag: injection
-
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cve-2026-25108-filezen-vulnerability-exploited/
-
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute First…
-
Shai-Hulud-style NPM worm hits CI pipelines and AI coding tools
Poisoning the AI developer interface: The campaign was specifically flagged for its direct targeting of AI coding assistants. The malware deploys a malicious Model Context Protocol (MCP) server and injects it into configurations of popular AI tools, embedding itself as a trusted component in the assistant’s environment. Once this is achieved, prompt-injection techniques can trick the…
-
jsPDF Flaw Exposes Millions of Developers to Object Injection
A serious security flaw in jsPDF, a widely used JavaScript library for generating PDFs in web browsers, puts millions of developers and their users at risk. CVE-2026-25755 allows attackers to perform PDF Object Injection through the library’s addJS method. This vulnerability affects countless web applications that rely on jsPDF to create dynamic PDF documents from…
-
NDSS 2025 NodeMedic-FINE: Automatic Detection And Exploit Synthesis For Node.js Vulnerabilities
Session 13A: JavaScript Security Authors, Creators & Presenters: Darion Cassel (Carnegie Mellon University), Nuno Sabino (IST & CMU), Min-Chien Hsu (Carnegie Mellon University), Ruben Martins (Carnegie Mellon University), Limin Jia (Carnegie Mellon University) PAPER NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities The Node.js ecosystem comprises millions of packages written in JavaScript. Many packages…
-
Lessons From AI Hacking: Every Model, Every Layer Is Risky
After two years of finding flaws in AI infrastructure, two Wiz researchers advise security pros to worry less about prompt injection and more about vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/lessons-ai-hacking-model-every-layer-risky
-
AI Agents Are Quietly Redefining Enterprise Security Risk
AI agents now operate across enterprise systems, creating new risk via prompt injection, plugins, and persistent memory. Here’s how to adapt security. The post AI Agents Are Quietly Redefining Enterprise Security Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-ai-agents-enterprise-security-zero-trust-moltbook-risk/
-
Disclosure: XWiki CSS Injection (CVE-2026-26000)
During independent security research, a CSS injection vulnerability (CVE-2026-26000) was identified in the XWiki platform. XWiki is an open-source enterprise wiki and collaboration platform commonly used for internal documentation and knowledge management. According to XWiki, the platform has over 8,000 active installations and is used by organisations such as Lenovo and Amazon, meaning vulnerabilities can…
-
‘Promptware’ Attacks Await an Unprepared AI Industry
Researchers Say AI Prompt Injection Has Emerged As a Dangerous New Class of Attacks. The large language model industry has mostly treated prompt injection attacks as a risk analogous to traditional web server prompt injection attacks. Researchers now say feeding rogue instructions to an artificial intelligence system merits its own classification as promptware. First seen…
-
OpenClaw AI ‘Log Poisoning’ Flaw Enables Malicious Content Injection
A severe “log poisoning” vulnerability has been discovered in the popular OpenClaw AI assistant, potentially allowing attackers to manipulate the agent's behaviour through indirect prompt injection. OpenClaw, an open-source autonomous agent known for its deep system integrations and ability to manage complex tasks, has recently seen massive adoption. However, its ability to self-debug and read…
-
The Promptware Kill Chain
Attacks against modern generative artificial intelligence (AI) large language models (LLMs) pose a real threat. Yet discussions around these attacks and their potential defenses are dangerously myopic. The dominant narrative focuses on “prompt injection,” a set of techniques to embed instructions into inputs to an LLM intended to perform malicious activity. This term suggests a simple,…
-
Joomla Vulnerabilities in Novarain/Tassos Framework Expose SQL Injection Risks
Joomla site owners using extensions that bundle the Novarain/Tassos Framework are being warned after a source code review identified multiple attack primitives that can be chained together to achieve administrator takeover and reliable remote code execution (RCE) on unpatched instances. The issues affect extensions that ship the same system plugin, historically called Novarain Framework and…
-
ChatGPT gets new security feature to fight prompt injection attacks
OpenAI has introduced Lockdown Mode and Elevated Risk labels in ChatGPT to help users and organizations reduce the risk of prompt injection attacks and other advanced security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/16/chatgpt-lockdown-mode-elevated-risk/
-
Critical BeyondTrust RS vulnerability exploited in active attacks
remote access.exe and others.” The attackers also managed to create domain accounts using the net user command and then added them to administrative groups such as “enterprise admins” or “domain admins.” The AdsiSearcher tool was used to search the Active Directory environment for other computers and PSexec was used to install SimpleHelp on multiple devices. The researchers also…
-
Proofpoint Purchases Startup Acuvity to Bolster AI Security
Deal Targets GenAI Risks, Prompt Injection Attacks and Autonomous Agents. Proofpoint has acquired AI security startup Acuvity to address fast-evolving risks tied to generative AI, prompt injection and autonomous agents. The company says intent-based guardrails and deep AI forensics will help enterprises secure tools such as ChatGPT, Claude and emerging agent frameworks. First seen on…
-
CISA Issues Urgent Warning on Microsoft Configuration Manager SQL Injection Vulnerability Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability in Microsoft Configuration Manager to its Known Exploited Vulnerabilities (KEV) catalogue. The threat actors are actively exploiting the flaw in the wild. The addition signals immediate risk to organisations using the enterprise management platform. SQL Injection Enables Command Execution Tracked as…
-
Zimbra Issues Security Update to Address XSS, XXE, and LDAP Injection Flaws
Zimbra has officially released a critical security update, version 10.1.16, addressing multiple high-severity vulnerabilities that could compromise email infrastructure and user data. The company has classified this patch with a “High” security severity rating, urging administrators to prioritize the upgrade to mitigate risks associated with web-based attacks. The update primarily focuses on closing gaps related…
-
Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/12/windows-notepad-markdown-feature-opens-door-to-rce-cve-2026-20841/
-
What CISOs need to know about the OpenClaw security nightmare
OpenClaw exposes enterprise security gaps: The first big lesson of this whole OpenClaw situation is that enterprises need to do more to get their security fundamentals in place. Because if there are any gaps, anywhere at all, they will now be found and exploited at an unprecedented pace. In the case of OpenClaw, that means…
-
AI agents spill secrets just by previewing malicious links
Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn First seen on theregister.com Jump to article: www.theregister.com/2026/02/10/ai_agents_messaging_apps_data_leak/

