Dark Reading

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

LLMs believe false statements even after explicit warnings that they’re false

New research on so-called “negation neglect” finds that LLMs in a roughly analogous situation don’t behave that way. They ...

Worrying open-source security issue 'BadHost' could affect millions of AI agents

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.
Devdiscourse

Universities need evidence-based tools to steer digital transformation

Researchers from the Universidad Politécnica Salesiana in Ecuador have developed an interactive analytical framework designed to help universities move digital transformation from broad strategy ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers.

Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web

Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases ...
The Guardian

Claude-powered AI agent’s confession after deleting a firm’s entire database: ‘I violated every principle I was given’

PocketOS was left scrambling after a rogue AI agent deleted swaths of code underpinning its business It only took nine seconds for an AI coding agent gone rogue to delete a company’s entire production ...