SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.
Infosecurity Magazine

Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents

Security researchers have discovered 10 new indirect prompt injection (IPI) payloads targeting AI agents with malicious ...

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ...

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
SecurityWeek

Google Antigravity in Crosshairs of Security Researchers, Cybercriminals

Google Antigravity’s increasing popularity has brought the development platform into the crosshairs of researchers and ...

OpenAI subscribers get new ‘workspace agents’ to automate complex tasks across teams

OpenAI Group PBC said today it’s pushing ChatGPT outside its usual chat interface with the launch of “workspace agents,” ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...
Security Boulevard

Lattice-based Cryptographic Integration for MCP Host-Client Communication

Learn how to secure Model Context Protocol (MCP) host-client communication using lattice-based PQC standards like ML-KEM and ML-DSA against quantum threats.
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...