Dialogflow CX 'Rogue Agent' Flaw Enabled AI Chatbot Data Theft
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Varonis reported the flaw to Google in late 2025 and it has been addressed, but it reminds defenders to take a fresh look at their AI Infrastructure security.
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
A prompt injection vulnerability paired with other flaws can turn a Google search into a full attack chain that could threaten enterprise networks.
The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
Google has fixed a critical vulnerability that enabled attackers to add malicious instructions to common documents to exfiltrate sensitive corporate information.
Flaws in individual models of Google's AI suite created significant security and privacy risks for users, demonstrating the need for heightened defenses.
Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges.
Attackers could have exploited a dependency confusion vulnerability affecting various Google Cloud services to execute a sprawling supply chain attack via just one malicious Python code package.
New Chrome release set to roll out over the next few days addresses 38 security issues in the browser.
Attackers use Google redirects in their phishing attack leveraging a now-patched vulnerability that spreads the multifaceted malware.
Google says the issue has to do with organizations ensuring they implement least-privilege principles.
The vulnerabilities exist in the widely used TorchServe framework, used by Amazon, Google, Walmart, and many other heavy hitters.
Google's fix to the Bad.Build flaw only partially addresses the issue, say security researchers who discovered it.
Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.
CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.