The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
Dark Reading

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden ...
CSO Online

Prompt injection breaks today’s AI agents, study warns

Researchers say current AI agents fail to consistently resist prompt injection attacks, exposing enterprises to failures that ...

With Just 1 Click, Researchers Figured Out How to Hijack Microsoft Copilot to Steal Your Data

A recent Microsoft Copilot exploit demonstrates how AI can make existing cybersecurity bugs even more virulent.

This Copilot vulnerability could expose emails, 2FA codes, and other sensitive data

A newly discovered Microsoft Copilot vulnerability enables hackers to access your email and other data. Credit: Thomas Trutschel/Photothek via It seems no matter how many safeguards are put on AI ...

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks

Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations.
CSO Online

5 runtime signals for catching a compromised AI agent

Once a signal of exploitation risk, Willison’s ‘lethal trifecta’ describes the baseline operations of every AI agent today.
The Next Web

A single click on a Microsoft link could have drained your inbox. Here’s how SearchLeak worked.

Varonis chained three bugs in Microsoft 365 Copilot Enterprise Search into a one-click data theft path that bypassed phishing filters and CSP protections.

Hackers turn Microsoft 365 Copilot into a one-click data theft tool

Varonis found a way to chain three bugs into one exploit that can lead to data exfiltration.