The Hacker News

Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial ...

‘Gemini Trifecta’ vulnerabilities in Google AI highlight risks of indirect prompt injection

What makes the Gemini Trifecta particularly interesting is the reliance on indirect prompt injection. Unlike obvious ...
Threat Post

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Newly disclosed FTP injection ...
Infosecurity-magazine.com

CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities

The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities. The alert from the Cybersecurity and Infrastructure ...
Bleeping Computer

Zyxel warns of critical command injection flaw in NAS devices

Zyxel is warning its NAS (Network Attached Storage) devices users to update their firmware to fix a critical severity command injection vulnerability. The newly discovered vulnerability, ...
The Hacker News

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

ForcedLeak flaw in Salesforce Agentforce allows data exfiltration via indirect prompt injection; Salesforce issues patch.
Infosecurity Magazine

Gemini Trifecta Highlights Dangers of Indirect Prompt Injection

The first indirect prompt injection vulnerability affects Gemini Cloud Assist: a tool designed to help users understand ...
Ars Technica

Zyxel silently patches command-injection vulnerability with 9.8 severity rating

Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely. The vulnerability, ...