Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...
An autonomous AI agent built on Claude Opus reportedly chained together zero-day vulnerabilities in GitHub Actions workflows, ...
A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
A flaw in Anthropic’s Claude Code GitHub Action allowed a malicious GitHub issue from a bot actor to trigger workflows and ...
A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...
Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.
Google has patched a high-severity zero-day bug in its Chrome web browser that attackers are actively exploiting. The bug enables code execution and other cyberattacks on targeted endpoints. The ...
A Claude Code GitHub Action flaw let one malicious issue hijack repositories via prompt injection. Anthropic has patched it.
The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
TEL AVIV, Israel, March 18, 2025 (GLOBE NEWSWIRE) -- Pillar Security, a pioneering company in AI security, discovered a significant vulnerability affecting GitHub Copilot and Cursor - the world's ...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...