eWeek

‘ChatGPhish’ Attack Turns ChatGPT Summaries Into Phishing Lures

Permiso researchers found ChatGPhish, a prompt-injection issue that can cause ChatGPT summaries to display phishing links, ...

New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems

CISA warns attackers are targeting internet-exposed Automatic Tank Gauge systems used in fuel storage. Here’s what operators ...
eWeek

Google's AI Search Crackdown Puts Australian Businesses and Regulators on Notice

Google has updated its spam policies to address AI-generated content manipulation. Discover what this means for Australian ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
Hackaday

Automatic Tutorial Generator Is Perhaps The Best-Case For Vibe Coding

Quick question: how did you learn to code? It probably wasn’t bribing someone a year or two ahead of you in CS to finish all ...
Decrypt

AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...
The Hacker News

ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

Cybersecurity roundup: supply chain threats, AI agent risks, browser-cloning malware, mule networks, endpoint bypasses, and ...
CSO Online

Prompt injection breaks today’s AI agents, study warns

Researchers say current AI agents fail to consistently resist prompt injection attacks, exposing enterprises to failures that ...

OpenAI Announces Unnerving New ChatGPT Feature Named ‘Lockdown Mode’

"Lockdown Mode is not intended for everyone," OpenAI's blog post says. In other words, you're probably not important enough.
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...