Indirect Prompt Injection in Web Content Targets AI Agents
Zscaler found sites hiding prompt-injection text to manipulate AI agents into crypto payments
Zscaler is a cloud security platform that brokers access to applications and internet services, making its controls and flaws relevant to enterprise risk.
Search across headline titles and summaries.
Background for this topic.
Zscaler is a cloud-delivered security platform that routes users’ web, SaaS, and private-application traffic through policy enforcement points rather than relying solely on an enterprise network perimeter. Its functions can include a secure web gateway, cloud firewall, malware and phishing inspection, data-loss controls, and zero-trust access, which grants access to specific applications based on identity and device context instead of broad network connectivity.
Security coverage depends on correct identity policies, traffic steering, endpoint agents, application connectors, and integrations with directories and security tools. Vulnerabilities or misconfigurations in those components can expose internal applications, bypass inspection, or disrupt access; compromise of an administrative account or control plane could also change policies broadly. HTTPS inspection requires installed trust certificates and creates material privacy and compliance considerations, so organizations should limit decryption, protect logs, and define retention. Advisories under this tag may therefore concern the cloud service, client software, connectors, APIs, or dependent identity systems, and should be assessed alongside configuration review and access-control monitoring.
Weekly headline count for the current query.
Zscaler found sites hiding prompt-injection text to manipulate AI agents into crypto payments
Hidden prompts on malicious websites trick AI agents into making payments or trusting fake sites, exposing new risks for autonomous AI workflows. Zscaler ThreatLabz documented two active campaigns that embed hidden instructions in web pages to manipulate AI agents, not human users, though those get caught too. The technique is called indirect prompt injection: malicious […]
Zscaler CEO Jay Chaudhry Says New AI Frontier Models Have Yet to Boost RevenueZscaler reported strong renewal growth and rising demand for zero trust security amid AI-driven threats, but slowing new customer acquisition, sales leadership turnover and cautious expectations for Red Canary integration weighed on investor confidence.
Startup Symmetry Systems Maps Relationships Across AI, SaaS and Cloud AssetsZscaler plans to acquire San Francisco-based Symmetry Systems to unify visibility across AI models, identities, applications and datasets, helping enterprises track AI lineage, govern agentic identities and enforce granular zero trust controls across cloud and SaaS environments.
Smaller Cybersecurity Partners Get Opus 4.7 But Not Anthropic's Highest-Risk ModelAnthropic’s Project Glasswing gives CrowdStrike, Palo Alto Networks and Zscaler privileged access to Claude Mythos Preview, while smaller cybersecurity partners such as SentinelOne and TrendAI can only integrate with Anthropic's generally available Opus 4.7 model.
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access
Zscaler's Ravi Monga on Managing AI Risks in Clinical EnvironmentsHealthcare organizations are increasingly adopting AI for efficiency and patient care, but governance is lagging behind. Zscaler's Healthcare CISO Ravi Monga explains why visibility into AI usage, including shadow AI, has become the sector's most urgent cybersecurity challenge.
Zscaler's Jay Chaudhry on Infrastructure, Agents and OversightZscaler CEO Jay Chaudhry explains why distributed infrastructure and zero trust models will shape AI security, the agent risks mirroring human threats and why strong oversight and identity validation remain essential for mission-critical applications.
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware
Zscaler ThreatLabz assessed with medium to high confidence that an Iranian adversary targeted Iraq’s Ministry of Foreign Affairs in a new cyber-attack
The security researchers from Zscaler ThreatLabz have also discovered five new tools deployed by the North Korean hacking group
The North Korean threat actor known as ScarCruft has been attributed to a fresh set of tools, including a backdoor that uses Zoho WorkDrive for command-and-control (C2) communications to fetch more payloads and an implant that uses removable media to relay commands and breach air-gapped networks
Zscaler's acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks are also investing in secure browser technologies.
The Russia-linked state-sponsored threat actor known as APT28 (aka UAC-0001) has been attributed to attacks exploiting a newly disclosed security flaw in Microsoft Office as part of a campaign codenamed Operation Neusploit
Zscaler analysts found critical vulnerabilities in 100% of enterprise AI systems, with 90% compromised in under 90 minutes
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft
November 2025 saw cybersecurity giants like Palo Alto Networks, Bugcrowd and Zscaler invest in AI-powered security solutions
Zscaler estimates 239 malicious Android apps made it onto the official Play store over the past year
Hundreds of malicious Android apps on Google Play were downloaded more than 40 million times between June 2024 and May 2025, notes a report from cloud security company Zscaler. [...]
Acquisition Boosts AI Defense from Red-Teaming, Risk Scoring to Compliance TrackingThe SPLX acquisition gives Zscaler new tools for red-teaming, AI governance and pre-deployment risk analysis. The deal will strengthen Zscaler's push to provide comprehensive GenAI protection, from cloud model discovery to runtime guardrails and ongoing compliance reporting.