Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.

The comments on some Steam Profiles are actually loaded with invisible malware.

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...

A newly discovered Microsoft Copilot vulnerability enables hackers to access your email and other data. Credit: Thomas Trutschel/Photothek via It seems no matter how many safeguards are put on AI ...

A recent Microsoft Copilot exploit demonstrates how AI can make existing cybersecurity bugs even more virulent.

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the ...

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden ...

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

Varonis found a way to chain three bugs into one exploit that can lead to data exfiltration.