AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

FROST uses JavaScript and OPFS SSD timing to identify websites at 88.95% F1, exposing cross-browser privacy leaks.

Gong and other scholars have been issuing warnings about the security vulnerabilities of AI agents for a while. They publish ...

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.

A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and ...

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...

Sites belonging to major universities such as Harvard and Oxford, as well as DuckDuckGo, have been compromised in the attack.

In the world of fast food restaurant hacks, sometimes things can get a little complicated. The hack inventor might say to order this, order that, split this in half, order another one of those, add ...

When Miriam Posner walked into her digital humanities class at the University of California at Los Angeles on Tuesday, her students were already primed. Their reading for the day happened to be about ...

Threat actors in Latin America have begun to use AI agents to facilitate their entire attack chains, from assisting with initial access to generating penetration tools on the fly — and organizations ...

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...