Prompt injections, the malicious commands attackers embed into content to entice LLMs to follow them, have been attackers’ go ...
A critical prompt injection vulnerability in GitHub Agentic Workflows could allow unauthenticated attackers to leak private repository data, ...
AI-assisted SQL injection exposed Front Gate Tickets, putting Lollapalooza, Bonnaroo, and millions of customer records at ...
Claude AI helped a security researcher uncover a flaw in Front Gate Tickets that could have allowed unlimited VIP tickets for ...
Security researcher Ian Carroll used Claude to bypass a web application firewall and expose a SQL injection flaw giving admin access across Front Gate Tickets, the Live Nation platform behind Bonnaroo ...
An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Administrators of the Drupal open source content management platform are rushing to install an emergency patch issued today to fix a “highly critical” SQL injection vulnerability in the application’s ...
Two newly disclosed vulnerabilities in the Avada Builder WordPress plugin have placed around one million sites at risk of arbitrary file read and SQL injection attacks. According to analysis from ...
A critical SQL injection vulnerability in the open-source AI gateway LiteLLM, tracked as CVE-2026-42208, was exploited less than two days after being listed in the GitHub Advisory Database. Attackers ...
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation ...
A security flaw in the Ally WordPress plugin used on more than 400,000 sites could allow attackers to extract sensitive data without logging in. A vulnerability in a widely used WordPress ...