Decrypt

AI Agents Still Can't Stop Prompt Injection Attacks, Researchers Warn

A new benchmark study found AI agents remain vulnerable to prompt injection attacks as companies increasingly roll out the ...

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Chrome's WebMCP guidance warns that AI agents can be manipulated through the tools they are built to trust.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
CSO Online

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in protobuf.js, including a flaw that can turn attacker-controlled schema data ...