CSO Online

GitHub Copilot prompt injection flaw leaked sensitive data from private repos

Hidden comments in pull requests analyzed by Copilot Chat leaked AWS keys from users’ private repositories, demonstrating yet ...
The Hacker News

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Cybersecurity company Imperva, which discovered and reported the problem in July 2025, described CVE-2025-53967 as a "design ...
Cyber Defense Magazine

Prompt Injection and Model Poisoning: The New Plagues of AI Security

You wake up. Your AI wakes up. Somewhere, a stranger types a sentence, and your AI listens. This is not science fiction. This ...
The Hacker News

Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability

Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as ...
GitHub

mcp-kubernetes-server has a Command Injection vulnerability

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
CSOonline

AI prompt injection gets real — with macros the latest hidden threat

Attackers are increasingly exploiting generative AI by embedding malicious prompts in macros and exposing hidden data through parsers. The switch in adversarial tactics — noted in a recent State of ...
GitHub

OS Command injection vulnerability in function OperateSSH...

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...