Researchers at Tenable have disclosed three vulnerabilities in Google’s Gemini AI, flaws that enabled data theft and remote exploitation. Collectively dubbed the “Gemini Trifecta,” these issues affected distinct modules of the assistant. The first...
Researchers at SPLX have demonstrated that ChatGPT can be deceived with carefully crafted prompts and compelled to solve CAPTCHA tests — a task long considered the exclusive domain of humans. This experiment casts doubt...
Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based coding assistants. These tools, integrated into IDEs such as GitHub Copilot, can perform a wide range...
OpenAI has enabled support for the Model Context Protocol (MCP) in ChatGPT, permitting third-party services such as Gmail, calendars, SharePoint, Notion and other data sources to be integrated. The intent was to enrich the...
Anthropic has issued a warning about a new threat emerging alongside “smart” browser extensions — websites may discreetly inject hidden commands, which an AI agent could execute without hesitation. The company unveiled a research...
CloudSEK researchers have uncovered a new attack vector, dubbed ClickFix, which exploits invisible prompt injection and the prompt overdose technique to compromise automated AI summarization systems. The essence of the method lies in concealing...
In the Windsurf Cascade development environment, designed for AI-driven code automation and programmer assistance, a vulnerability has been uncovered, dubbed SpAIware. This flaw allows malicious commands to be implanted into the AI system, stored...
Researchers have demonstrated that the latest Gemini models consistently interpret hidden Unicode Tag characters as executable instructions—rendering invisible text within the interface into direct commands for the AI. This flaw endangers all Gemini-based integrations,...
After Grok-4 was compromised in just two days, GPT-5 fell within a mere 24 hours to the same group of researchers. Almost simultaneously, the SPLX testing team (formerly SplxAI) declared: “Out-of-the-box GPT-5 is practically...
In a new apartment in Tel Aviv, the lights suddenly switch off, smart blinds rise on their own, and the water heater powers up—without the tenants’ knowledge. This is not part of a “smart...
The concept of connecting large language models to external data sources is swiftly transitioning from experimental novelty to everyday practice. Today, ChatGPT is capable not only of engaging in conversation, but also of interacting...
A critical vulnerability has been discovered in the Cursor source code editor, an AI-powered tool designed to assist programmers. The flaw, identified as CVE-2025-54135 and dubbed CurXecute, affects nearly all versions of the IDE...
