eWeek

‘ChatGPhish’ Attack Turns ChatGPT Summaries Into Phishing Lures

Permiso researchers found ChatGPhish, a prompt-injection issue that can cause ChatGPT summaries to display phishing links, ...

New CISA Warning: Hackers Are Targeting Fuel Tank Monitoring Systems

CISA warns attackers are targeting internet-exposed Automatic Tank Gauge systems used in fuel storage. Here’s what operators ...

Everything announced at the Google I/O 2026 keynote: AI, more AI, and smart glasses

Welcome to the agentic era.
Hackaday

Automatic Tutorial Generator Is Perhaps The Best-Case For Vibe Coding

Quick question: how did you learn to code? It probably wasn’t bribing someone a year or two ahead of you in CS to finish all ...
Decrypt

Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft

Researchers say prompt injection attacks could manipulate AI coding agents to access sensitive credentials stored in software ...

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
SecurityWeek

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

Hackers are exploiting a critical vulnerability in Mirasvit Full Page Cache Warmer to execute code remotely on Magento ...

OpenAI unveils Lockdown Mode to protect sensitive data from prompt injection attacks

Even with Lockdown Mode, ChatGPT could be still vulnerable to prompt injections, but the goal is to reduce the likelihood ...
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
Infosecurity Magazine

Infosecurity Europe: Prompt Injection Remains Unsolved, OWASP Researcher Warns

At Infosecurity Europe 2026, OWASP’s Ariel Fogel warned that prompt injection remains an “unresolved problem” within ...
Memeburn

Grok Hack Explained: How Prompt Injection Drained Nearly $200K

A trader did not need to hack Grok, steal a password, or break a smart contract. A hidden Morse code prompt inside a public X reply was enough to trigger a nearly $200K crypto transfer from Grok’s ...

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...