Awareness of all the ways prompt injection can be effected will help security teams spot a new generation of attacks.
The offices of Google are pictured in London on February 28, 2026. JUSTIN TALLIS/AFP via Getty Images Google released agents-cli on April 21, 2026, and it has shipped 13 updates in the 71 days since — ...
Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based code analysis systems into overlooking malicious payloads. Threat actors ...
A highly critical SQL injection vulnerability in Drupal core has raised concerns across organizations running PostgreSQL-backed Drupal environments. Tracked as CVE-2026-9082, the vulnerability affects ...
An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even Microsoft Developer Tools. Windows admins are going to be busy this month, ...
Microsoft’s April 2026 Patch Tuesday delivered fixes for 163 vulnerabilities, including two zero-days, alongside Windows 11 feature updates. SAP patched a critical ABAP SQL injection flaw ...
The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid a total of more than 160 distinct issues, and almost 250 accounting for ...
This month’s threat landscape is ‘defined by immediate, real-world exploitation rather than just theoretical vulnerabilities,’ says an incident response manager. A critical hole in Windows Internet ...
CISA ordered U.S. government agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks.