Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Prompt injection attacks can manipulate AI behavior in ways that traditional cybersecurity ...

Why the first AI-orchestrated espionage campaign changes the agent security conversation Provided byProtegrity From the Gemini Calendar prompt-injection attack of 2026 to the September 2025 ...

Bruce Schneier and Barath Raghavan explore why LLMs struggle with context and judgment and, consequently, are vulnerable to prompt injection attacks. These 'attacks' are cases where LLMs are tricked ...

A newly disclosed weakness in Google’s Gemini shows how attackers could exploit routine calendar invitations to influence the model’s behavior, underscoring emerging security risks as enterprises ...

Abstract: An increasing number of web application services raises significant security concerns. Online access to these applications exposes them to multiple cyberattacks. The Open Web Application ...

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do something bad. The platform introduces a guardrail that stops the attack from ...

Cybercriminals don't always need malware or exploits to break into systems anymore. Sometimes, they just need the right words in the right place. OpenAI is now openly acknowledging that reality. The ...