Claude Flaw Automatically Sends Malicious Prompts to AI Agents
When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system.
Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.
Search across headline titles and summaries.
Background for this topic.
A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.
Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.
Weekly headline count for the current query.
When combined with another exploit, the "PromptFiction" vulnerability, which has been fixed, could have enabled an end-to-end attack on a targeted system.
Automated Frequency Coordination systems by default trust client-side data, which could lead to location spoofing and other attacks that disrupt traffic.
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
The flaw allows an unauthenticated attacker to craft a GitHub Issue in an org's public repository and then silently pull data from its private repos, too.
Attackers wasted little time targeting the latest memory disclosure flaw in Citrix's NetScaler products, after researchers published a proof-of-concept exploit (PoC).
An "agentic threat actor" successfully exploited a Langflow flaw to steal data from a production database server and encrypt other systems.
Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
Researchers believe rogue peering was used to connect to the victim's SD-WAN devices to gain admin privileges and root-level access.
Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.
A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
An unauthenticated attacker can exploit the command injection vulnerability to gain remote access to robotic systems, causing significant disruption to the environment.
It's the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there's been zero-day activity for at least a month.
Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.