'Phantom Squatting': An Emerging AI-Driven Supply Chain Threat
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
LLMs consistently hallucinate Web domains for legitimate brands that attackers can register for malicious activity in a difficult-to-detect attack vector.
Understand Agentic AI Risks and Secure All MCP DeploymentsMCP has rapidly become the connective tissue of the agentic AI era and the standard for connecting AI agents to enterprise systems. But it also introduces new attack vectors, from tool poisoning to prompt injection. Here are six ways to reduce the risk.
AWS Bedrock is Amazon's platform for building AI-powered applications. It gives developers access to foundation models and the tools to connect those models directly to enterprise data and systems. That connectivity is what makes it powerful – but it’s also what makes Bedrock a target
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory
Israeli Startup Plans to Integrate AI Agent Guardrails Into Cloud PlatformSweet Security secured $75 million in Series B funding to integrate AI security into its CNAPP platform. With runtime protection as its differentiator, the startup plans to address growing CISO concerns over shadow AI and attack vectors involving intelligent agents.
Cybercrime has stopped being a problem of just the internet — it’s becoming a problem of the real world. Online scams now fund organized crime, hackers rent violence like a service, and even trusted apps or social platforms are turning into attack vectors
BeyondTrust’s annual cybersecurity predictions point to a year where old defenses will fail quietly, and new attack vectors will surge
Agentic features open the door to data exfiltration or worse Feature With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.…
NeutralTrust shows how agentic browser can interpret bogus links as trusted user commands Researchers have found more attack vectors for OpenAI's new Atlas web browser – this time by disguising a potentially malicious prompt as an apparently harmless URL.…
Persistent Security's Marcus Vervier on Microsoft Flaws, Pitfalls of AI CodingA newly discovered vulnerability present in Microsoft's Copilot and Visual Studio has brought a fresh batch of concerns around the security of artificial intelligence-powered coding tools to the forefront. It has the potential to turn AI models into a new attack vector.
Researchers Show How AI Image Downscaling Can be an Attack VectorResearchers discovered a method to embed invisible prompt injections that are activated during AI's processing of an image. When the model scales down these images, the hidden malicious instructions allow theft of data from popular image production systems.
Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.
Google has revealed the various safety measures that are being incorporated into its generative artificial intelligence (AI) systems to mitigate emerging attack vectors like indirect prompt injections and improve the overall security posture for agentic AI systems
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code
Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. [...]
Flaws enable privilege escalation and remote code execution Nvidia's AI-powered ChatRTX app launched just six week ago but already has received patches for two security vulnerabilities that enabled attack vectors, including privilege escalation and remote code execution.…
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to
Researchers Created Worm That Can Exfiltrate Data, Spread Spam and Poison AI ModelsResearchers have created a zero-click, self-spreading worm that can steal personal data through applications that use chatbots powered by generative artificial intelligence. Dubbed Morris II, the malware uses a prompt injection attack vector to trick AI-powered email assistant apps.
The models powering generative AI like ChatGPT are open to several common attack vectors that organizations need to understand and get ready for, according to Google's dedicated AI Red Team.