Fake Bug Report Hijacks AI Coding Agents at Scale
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
Reports provide structured accounts of cyber incidents, vulnerabilities, and controls, helping readers assess security risks and responses.
Search across headline titles and summaries.
Background for this topic.
A report is a documented account of an event, investigation, assessment, or analysis, supported by evidence and presented for others to review. In information security, the term commonly covers incident findings, vulnerability research, threat-intelligence assessments, audit results, and surveys of security practices. A useful report states its scope, methods, evidence, timeframe, and level of confidence rather than presenting conclusions without context.
Reports help practitioners prioritize remediation, validate controls, and improve incident response, but their details require careful interpretation. A vulnerability report should identify affected versions, exploit conditions, and mitigation steps; an incident report should distinguish confirmed facts from assumptions and protect sensitive personal or investigative data. Threat reports may contain indicators of compromise that need verification before being used in detection systems. Reports used for compliance or executive decisions should preserve a clear evidence trail, since incomplete scope, outdated findings, or undisclosed conflicts can lead to misplaced security priorities.
Weekly headline count for the current query.
"Agentjacking" is the latest demonstration of how easily attackers can exploit an AI agent's inability to differentiate between content and instructions.
Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.
Ransomware and vendor breaches persist. The "2026 Data Breach Investigations Report" (DBIR) highlights how evolving social engineering tactics make the sector more vulnerable.
Verizon's 2026 Data Breach Investigations Report (DBIR) finds that exploits are now involved in 31% of initial access for breaches, while patching lags too far behind the bad guys.
In a new report from the Cloud Security Alliance (CSA), experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos.
The PCI Security Standards Council experienced a record year in many regards, but its first annual report shows it needs to work even faster to stay ahead of attackers.
An analysis of startup firm's spending on AI applications finds the top categories to be productivity and content-generation. Security? Not so much.
Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.
Flashpoint published its 2025 mid-year ransomware report that highlighted the top five most prolific groups currently in operation.
The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1.
Data exfiltration was the most common malware in Sonatype report, with more than 4,400 packages designed to steal secrets, personally identifiable information, credentials, and API tokens.
According to a government report, El Chapo's Sinaloa drug cartel used a hacker to spy on people connected to the FBI's 2018 investigation against the kingpin, which led to deadly consequences.
The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.
CardinalOps' report shows that organizations are struggling to keep up with the evolution of the latest threats while a significant number of detection rules remain non-functional.
The country will require certain organizations to report ransomware payments and communications within 72 hours after they're made or face potential civil penalties.
A LevelBlue report looks at what goes into the security postures of a cyber-resilient organization, and found that AI is still a blind spot.
The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report.
In the latest Secure Future Initiative Progress Report, Microsoft described efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new "Secure by Design UX Toolkit."
Verizon's 2025 Data Breach Investigations Report highlighted dire — but not new — trends in the education sector. Without more help, faculty and staff continue to fall for social engineering campaigns and make simple security errors.