Apple Reverses Age-Old Patch Policy to Keep Up With AI
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Expect more compressed patching cycles from Apple going forward, as attackers leverage artificial intelligence to reduce time to exploit.
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.
The now-patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available.
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders that appear benign but return sensitive data to the attacker's server.
RSAC Conference Preview: MCP introduces security risks into LLM environments that are architectural and not easily fixable, researcher says.
The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers.
Researchers utilized prompts and large language models to develop an open-source AI framework capable of generating both vulnerability exploits and patches.
Patch now: A bug (CVE-2025-53967) in the popular Web design tool's option for talking to agentic AI can lead to remote code execution (RCE).
Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterprises adapt?
DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale.
A fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads.
The chipmakers patched bugs, mostly critical and high severity, that affect everything from smartphones to TVs to artificial intelligence platforms.
A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.
Nvidia's latest GPUs are a hot commodity for AI, but security vulnerabilities could expose GPUs — which could be up to seven years old — to attacks from hackers.
Using information from a common technique for finding vulnerabilities, Google's Gemini can currently produce patches for 15% of such bugs. And it's not the only way to help automate bug fixing.
AI-generated code promises quicker fixes for vulnerabilities, but ultimately developers and security teams must balance competing interests.
Three vulnerabilities in the platform's API Management Service could allow access sensitive data, mount further attacks, and even hijack developer portals.