SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

The first round of SAP patches for 2026 resolves 19 vulnerabilities, including critical SQL injection, RCE, and code ...
InfoWorld

Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs

Update to the latest version and monitor for unexpected .git directories in non-repository folders, developers are told.

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security ...
Infosecurity Magazine

Prompt Injection Bugs Found in Official Anthropic Git MCP Server

MCP is an open standard introduced by Anthropic in November 2024 to allow AI assistants to interact with tools such as ...
The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
Bleeping Computer

Are Copilot prompt injection flaws vulnerabilities or AI limits?

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The ...
Berkman Klein Center

Why AI Keeps Falling for Prompt Injection Attacks

Bruce Schneier and Barath Raghavan explore why LLMs struggle with context and judgment and, consequently, are vulnerable to ...

Indirect prompt injection in Google Gemini enabled unauthorized access to meeting data

Miggo’s researchers describe the methodology as a form of indirect prompt injection leading to an authorization bypass. The ...
CSO Online

Google Gemini flaw exposes new AI prompt injection risks for enterprises

A calendar-based prompt injection technique exposes how generative AI systems can be manipulated through trusted enterprise ...
Fox News

OpenAI admits AI browsers face unsolvable prompt attacks

Cybercriminals don't always need malware or exploits to break into systems anymore. Sometimes, they just need the right words in the right place. OpenAI is now openly acknowledging that reality. The ...