The Hacker News

When Your Browser Becomes The Attacker: AI Browser Exploits

AI browsers can be hijacked through prompt injection, turning assistants into insider threats. Learn how these exploits work & how to protect data.
IEEE

A BERT-Based Approach for Detecting Cross-Site Scripting Attacks

Abstract: Cross-site scripting (XSS) remains one of the most persistent threats to web application security, allowing attackers to inject malicious scripts that compromise user data and system ...
winbuzzer.com

How a Calendar Invite Can Trick Google Gemini Into Leaking Your Private Meetings

According to Security researchers, a malicious calendar invite can trick Google’s Gemini AI assistant into leaking private meeting data. The attack exploits how Gemini automatically processes calendar ...
TechRepublic

Google Gemini Flaw Let Attackers Access Private Calendar Data

Security researchers have revealed a flaw in Google’s Gemini AI assistant that allowed attackers to quietly pull private calendar data from users with nothing more than carefully crafted language ...
IEEE

Enhancing Web Security Through Machine Learning-Based Feature Selection for Cross-Site Scripting (XSS) Attacks Classification

Cross-Site scripting attacks get more sophisticated, so their protection becomes tough under web application security. XSS is also one of the major vulnerabilities that hackers use to inject malicious ...
Bleeping Computer

Microsoft to secure Entra ID sign-ins from script injection attacks

Microsoft plans to enhance the security of the Entra ID authentication system against external script injection attacks starting in mid-to-late October 2026. This update will implement a strengthened ...
GitHub

Promptology - AI Prompt Injection Payload Generator

LLM-powered tool for generating prompt injection payloads to pentest AI applications. Note: This project has been rewritten in Go for better performance and cross-platform compatibility.
SecurityWeek

Claude AI APIs Can Be Abused for Data Exfiltration

An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account. Attackers can use indirect prompt injections to trick Anthropic’s Claude ...
Searchenginejournal.com

WPBakery WordPress Vulnerability Lets Attackers Inject Malicious Code

An advisory was issued for the popular WPBakery plugin that’s bundled in thousands of WordPress themes. The vulnerability enables authenticated attackers to inject malicious scripts that execute when ...
Dark Reading

Cyberattackers Exploit Zimbra Zero-Day Via ICS

An unknown threat actor masquerading as the Libyan Navy's Office of Protocol targeted the Brazilian military earlier this year using a malicious calendar (ICS) file to deliver an exploit for a then ...
PC Gamer

Horrible news: exploit found in Humanoid robots capable of 'creating a robot botnet that spreads without user intervention' over Bluetooth

The phrase 'humanoid robots as attack vectors' just sent a chill up my spine. Though a fix for this specific exploit is reportedly rolling out. When you purchase through links on our site, we may earn ...
Microsoft

Why XSS still matters: MSRC’s perspective on a 25-year-old threat

Cross-Site Scripting (XSS) has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native ...