More than thirty vulnerabilities have been uncovered in popular AI-enhanced development environments, all of which allow attackers — through a combination of prompt injections and legitimate IDE capabilities — to silently exfiltrate data or...
A critical vulnerability has been discovered in the Claude chatbot, allowing attackers to trick the AI into transmitting users’ personal data to malicious third parties. The issue was reported by security researcher Johann Rehberger,...
In June 2025, a researcher operating under the pseudonym rick disclosed a critical vulnerability in GitHub Copilot dubbed CamoLeak, rated CVSS 9.6. The flaw enabled an attacker to surreptitiously exfiltrate sensitive information and source...
The LayerX team has disclosed the mechanics of a novel attack dubbed CometJacking, which exploits the AI-enabled Comet browser from Perplexity. Comet embeds an assistant with access to email, calendar, and other linked services;...
Researchers at Tenable have disclosed three vulnerabilities in Google’s Gemini AI, flaws that enabled data theft and remote exploitation. Collectively dubbed the “Gemini Trifecta,” these issues affected distinct modules of the assistant. The first...
Microsoft researchers have identified a new variant of XCSSET, the macOS-targeting malware that has plagued developers since 2020. This family, notorious for spreading through Xcode projects by embedding malicious code, has now evolved with...
PortSwigger researcher Gareth Heyes has unveiled a novel technique for stealing data directly from HTML attributes using inline CSS, without relying on selectors or external style sheets. The discovery was made possible by the...
A new study by specialists at Trail of Bits has revealed a previously unknown vulnerability in the Google Gemini ecosystem and its associated services, enabling the covert exfiltration of user data through images...
In the Windsurf Cascade development environment, designed for AI-driven code automation and programmer assistance, a vulnerability has been uncovered, dubbed SpAIware. This flaw allows malicious commands to be implanted into the AI system, stored...
Ransomware operators and infostealers are adapting their tactics more swiftly than enterprises can recalibrate their defenses. Even substantial investments in ransomware resilience—primarily in backups and recovery—are increasingly failing to prevent tangible damage. According to...
Amid a surge in malicious campaigns exploiting legitimate communication channels to evade traditional security measures, a new tool has drawn the attention of cybersecurity professionals—Raven Stealer. Emerging in July 2025, this information-stealing program has...
ACRStealer, a notorious information-stealing malware, has once again come under the spotlight following a series of enhancements that have significantly improved its resilience against detection and analysis. Over the past year—particularly since the beginning...