Google Gemini Flaw Turns Calendar Invites Into Attack Vector
The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.
In December 2024, the popular Ultralytics AI library was compromised, installing malicious code that hijacked system resources for cryptocurrency mining. In August 2025, malicious Nx packages leaked 2,349 GitHub, cloud, and AI credentials. Throughout 2024, ChatGPT vulnerabilities allowed unauthorized extraction of user data from AI memory
Agentic features open the door to data exfiltration or worse Feature With great power comes great vulnerability. Several new AI browsers, including OpenAI's Atlas, offer the ability to take actions on the user's behalf, such as opening web pages or even shopping. But these added capabilities create new attack vectors, particularly prompt injection.…
Persistent Security's Marcus Vervier on Microsoft Flaws, Pitfalls of AI CodingA newly discovered vulnerability present in Microsoft's Copilot and Visual Studio has brought a fresh batch of concerns around the security of artificial intelligence-powered coding tools to the forefront. It has the potential to turn AI models into a new attack vector.
Oracle Cloud Infrastructure Flaw Enabled Malicious File Uploads, Researchers FoundExploring Oracle Cloud Infrastructure, researchers at Tenable found that Oracle's console-based Code Editor tool failed to block arbitrary file uploads, and could be silently exploited via drive-by attacks to install malware. They said Oracle has now fixed the vulnerability.
Critical security vulnerabilities affect different parts of the Model Context Protocol (MCP) ecosystem, which many organizations are rapidly adopting in order to integrate AI models with external data sources.
Phosphorus Cybersecurity's Phillip Wylie on Asset Inventory, Password HygieneOrganizations inadvertently create cybersecurity gaps by trusting connected devices. Threat actors are shifting tactics to exploit IoT vulnerabilities when traditional attack vectors strengthen, said Phillip Wylie, xIoT security evangelist at Phosphorous Cybersecurity.
The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments
Researchers at Aqua Security discovered the "Shadow Resource" attack vector and the "Bucket Monopoly" problem, where threat actors can guess the name of S3 buckets based on their public account IDs.
Flaws enable privilege escalation and remote code execution Nvidia's AI-powered ChatRTX app launched just six week ago but already has received patches for two security vulnerabilities that enabled attack vectors, including privilege escalation and remote code execution.…
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other
The popular package manager for software developers has been vulnerable to this attack vector for a while, and negligent in fixing the problem, according to a former employee.
To establish a better security posture, you must address vulnerabilities in your attack vectors and surfaces. While these terms are similar, they’re not the same. This article explores key differences between the two, helping you make your system more secure.
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code
IBM has fixed a high-severity security vulnerability affecting its Cloud Databases (ICD) for PostgreSQL product that could be potentially exploited to tamper with internal repositories and run unauthorized code
The Hell's Keychain attack vector highlights common cloud misconfigurations and secrets exposure that can pose grave risk to enterprise customers.
The National Institute of Standards and Technology (NIST) on Thursday released an updated cybersecurity guidance for managing risks in the supply chain, as it increasingly emerges as a lucrative attack vector
APT41, the state-sponsored threat actor affiliated with China, breached at least six U.S. state government networks between May 2021 and February 2022 by retooling its attack vectors to take advantage of vulnerable internet-facing web applications