Claude Flaw Automatically Sends Malicious Prompts to AI Agents
When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system.
Stay informed on infosec trends, threats, and strategies with the latest updates and expert insights in Information Security.
Search across headline titles and summaries.
Background for this topic.
Fixed is a status indicating that a security issue has been addressed through a corrective change, such as a software patch, code change, configuration update, or removal of an affected component. In vulnerability tracking, it usually describes the issue under specified conditions and versions; it does not automatically prove that every affected asset has been updated or that exploitation is impossible.
For vulnerability management, practitioners should verify the fix’s scope, deployment, and effectiveness through testing, rescanning, or other evidence. Incomplete rollout, an overlooked instance, a dependent vulnerable component, or a regression can leave exposure despite a “Fixed” label. Records should distinguish fixed from mitigated or accepted, identify affected assets and versions, and retain validation dates. If the issue was exploited before remediation, fixing it does not establish that an attacker’s access or changes have been removed; that requires separate investigation.
Weekly headline count for the current query.
When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system.
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
Cisco found and fixed a significant vulnerability in the way Anthropic handles memories, but experts warn that mishandled memory files will continue to threaten AI systems.
Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker to leak sensitive data.
Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.
Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild.
While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks.
Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we've known about since last year, partly thanks to complications in patching.
The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.
The vulnerability affects certain versions of the Veeam Service Provider Console that can only be fixed by updating with the latest patch.
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
Now a zero-day, the vulnerability enables NTLM hash theft, an issue that Microsoft has already fixed twice before.
Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn't always the case.
The US broadband provider fixed an issue that allowed attackers to gain access to business customers’ modems, and then access info and execute commands with the same permissions of an ISP support team.
IT teams can better withstand scrutiny by helping their board understand risks and how they are fixed, as well as explaining their long-term vision for risk management.
A grouping of serious printer bugs, unveiled at last summer's Pwn2Own, were patchless for months, but are finally fixed now.
Airbus-owned NAVBLUE fixed the issue after a penetration testing firm disclosed the problem to the company.
Apache fixed a vulnerability in its OfBiz enterprise resource planning (ERP) framework last month, but attackers and researchers found a way around the patch.
The cybersecurity skills gap is making businesses more vulnerable, but it won't be fixed by upskilling high-potential recruits alone.
Researcher discovers vulnerabilities in the open source Web application, which were fixed in the latest Apache OpenMeeting update.