#ai-pentesting

[ follow ]
#cybersecurity #vulnerabilities #ai-security #malware #vulnerability #ai #phishing #openai #microsoft
#ai-security
fromSecurityWeek
3 days ago
Information security

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

fromInfoQ
4 days ago
Information security

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Information security
fromTheregister
4 days ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.
Information security
fromFast Company
3 weeks ago

This Microsoft security team stress-tests AI for its worst-case scenarios

AI products face probing for weaknesses, leading to risks like mental illness, cybercrime, and evolving bypass techniques.
Information security
fromTechzine Global
3 days ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.
Information security
fromSecurityWeek
3 days ago

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

A prompt injection attack method named 'Comment and Control' targets AI code security tools, allowing attackers to hijack AI agents using crafted GitHub comments.
Information security
fromInfoQ
4 days ago

Claude Code Used to Find Remotely Exploitable Linux Kernel Vulnerability Hidden for 23 Years

Claude Code identified multiple security vulnerabilities in the Linux kernel, including a long-standing heap buffer overflow, with minimal oversight required.
Information security
fromTheregister
4 days ago

Anthropic, Google, Microsoft paid AI bug bounties - quietly

Security researchers exploited prompt injection attacks on AI agents to steal sensitive data without vendor disclosure of vulnerabilities.
Information security
fromFast Company
3 weeks ago

This Microsoft security team stress-tests AI for its worst-case scenarios

AI products face probing for weaknesses, leading to risks like mental illness, cybercrime, and evolving bypass techniques.
more#ai-security
#ai
Information security
fromSecurityWeek
3 days ago

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

OpenAI launched GPT-5.4-Cyber, a cybersecurity AI model, expanding access to verified defenders and enhancing capabilities for vulnerability analysis.
Information security
fromTechzine Global
4 days ago

GPT-5.4-Cyber aims to further embed AI in cybersecurity

OpenAI's GPT-5.4-Cyber enhances generative AI for cybersecurity, focusing on defensive applications and providing trusted users with advanced capabilities.
more#ai
Web design
fromSpeckyboy Design Magazine
5 hours ago

How AI Could Change Collaboration for Web Designers & Developers - Speckyboy

Connecting with web professionals enhances learning and productivity, while AI is transforming workflows and relationships in the industry.
UX design
fromMedium
10 hours ago

Rethinking the shape of design teams in an AI world

Organizations must adopt a dual transformation model to balance innovation and foundational mastery in design processes disrupted by AI.
Online learning
fromeLearning Industry
1 day ago

How AIPowered Learning Tools Are Transforming Employee Training

AI transforms Learning and Development by providing hyper-personalized training experiences that enhance efficiency and employee satisfaction.
#cybersecurity
fromTechCrunch
2 days ago
Information security

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Information security
fromSecurityWeek
2 days ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
Information security
fromThe Hacker News
3 days ago

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.
Software development
fromTheregister
2 days ago

Claude Opus wrote a Chrome exploit for $2,283

Anthropic withheld its Mythos model due to security concerns, while Opus 4.6 was used to create a functional exploit for Chrome's V8 engine.
Silicon Valley
fromWIRED
6 days ago

The Dumbest Hack of the Year Exposed a Very Real Problem

A cyberattack in Silicon Valley exploited weak passwords to spoof crosswalk button recordings with voices of tech CEOs, raising security concerns.
Information security
fromTechCrunch
2 days ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.
Information security
fromSecurityWeek
2 days ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
Information security
fromThe Hacker News
3 days ago

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

Hackers exploit vulnerabilities, including a fake app draining $9.5M, while new exploits like RedSun target Microsoft Defender.
more#cybersecurity
Python
fromTalkpython
2 days ago

OWASP Top 10 (2025 List) for Python Devs

The OWASP Top 10 has been updated with significant changes including supply chain attacks and exceptional condition handling.
Marketing tech
fromSFGATE
3 days ago

AI is a gold mine for spammers and scammers, but Google is using it as a tool to fight back

Generative AI tools have intensified online spam and scams, prompting tech giants like Google to enhance their defenses against these threats.
fromThe Hacker News
5 days ago

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time, enhancing its operational value significantly.
Roam Research
UX design
fromMedium
1 day ago

Your AI agent can read your codebase. It doesn't know your product.

AI coding agents lack design context, leading to generic outputs that don't align with a product's unique interaction patterns and brand identity.
#ai-governance
Artificial intelligence
fromFortune
2 days ago

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.
Artificial intelligence
fromAbove the Law
2 days ago

Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. - Above the Law

AI is already integrated into companies through employee usage, often without intentional governance or awareness.
Artificial intelligence
fromFortune
2 days ago

AI cybersecurity capabilities require urgent international cooperation, AI godfather Bengio says | Fortune

Yoshua Bengio emphasizes the urgent need for international cooperation in addressing AI's risks, particularly with the release of Anthropic's Mythos model.
Artificial intelligence
fromAbove the Law
2 days ago

Unintentional AI Adoption Is Already Inside Your Company. The Only Question Is Whether You Know It. - Above the Law

AI is already integrated into companies through employee usage, often without intentional governance or awareness.
more#ai-governance
Software development
fromZDNET
4 days ago

'Like handing out the blueprint to a bank vault': Why AI led one company to abandon open source

Cal is shifting from open source to proprietary licensing due to security risks posed by modern AI tools.
Information security
fromDevOps.com
2 days ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.
#phishing
Information security
fromSecurityWeek
1 day ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.
Information security
fromTechzine Global
5 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
Information security
fromSecurityWeek
1 day ago

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

Threat actors have shifted to new phishing platforms after Tycoon 2FA's disruption, reusing its tools and increasing overall phishing attacks.
Information security
fromTechzine Global
5 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
more#phishing
Software development
fromDevOps.com
1 week ago

Appknox Adds AI Tool to Detect and Fix Vulnerabilities in Mobile Applications - DevOps.com

Appknox introduces AI to assess mobile app vulnerabilities and recommend fixes, enhancing the patching process for software engineering teams.
#north-korea
Information security
fromComputerWeekly.com
2 days ago

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.
more#north-korea
#malware
Information security
fromTechRepublic
2 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
fromSecurityWeek
4 days ago
Information security

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

Information security
fromTechRepublic
2 days ago

New Phishing Attack Turns n8n Into On-Demand Malware Machine

Attackers are exploiting n8n workflows to deliver malware while evading detection and blending into normal business activities.
Information security
fromSecurityWeek
2 days ago

ZionSiphon Malware Targets ICS in Water Facilities

ZionSiphon is a new malware targeting water treatment plants in Israel, designed to manipulate chlorine levels and pressure in these facilities.
Information security
fromSecurityWeek
4 days ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.
more#malware
#nist
Information security
fromComputerWeekly.com
1 day ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.
Information security
fromSecurityWeek
3 days ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.
Information security
fromTechzine Global
3 days ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
Information security
fromComputerWeekly.com
1 day ago

Surging CVE disclosures force NIST to shake up workflows | Computer Weekly

NIST is changing its approach to handling CVEs, focusing on those with the greatest potential impact due to increased submissions.
Information security
fromSecurityWeek
3 days ago

NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software

NIST updates its National Vulnerability Database operations to prioritize enriching critical CVEs due to a surge in submissions.
Information security
fromTechzine Global
3 days ago

NIST updates NVD: not every CVE will be scrutinized

NIST is updating its vulnerability assessment methodology due to an overwhelming increase in CVEs, prioritizing critical vulnerabilities for analysis.
more#nist
#apache-activemq
Information security
fromSecurityWeek
2 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromTheregister
2 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.
Information security
fromThe Hacker News
2 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
Information security
fromSecurityWeek
2 days ago

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

A vulnerability in Apache ActiveMQ Classic, CVE-2026-34197, is being actively exploited, requiring immediate patching by organizations.
Information security
fromTheregister
2 days ago

CISA tells feds to patch 13-year-old Apache ActiveMQ bug

CISA warns of a critical Apache ActiveMQ vulnerability requiring federal agencies to patch within two weeks to prevent exploitation.
Information security
fromThe Hacker News
2 days ago

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A high-severity security flaw in Apache ActiveMQ Classic, CVE-2026-34197, is actively exploited, requiring urgent fixes by April 30, 2026.
more#apache-activemq
#kali-linux
fromZDNET
2 months ago
Information security

Kali Linux vs. Parrot OS: Which security-forward distro is right for you?

fromZDNET
2 months ago
Information security

Kali Linux vs. Parrot OS: Which security-forward distro is right for you?

more#kali-linux
Information security
fromThe Hacker News
2 days ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
Information security
fromTechzine Global
2 days ago

Broadcom brings secure AI agent environment to VMware Tanzu

Broadcom's VMware Tanzu Platform Agent Foundations provides a secure environment for autonomous AI applications with zero-trust networking and automated management.
#cisco
Information security
fromThe Hacker News
3 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
3 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
Information security
fromThe Hacker News
3 days ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
fromSecurityWeek
3 days ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
more#cisco
Information security
fromSecurityWeek
4 days ago

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical vulnerability in Nginx UI allows attackers to take full control of servers, affecting numerous deployments worldwide.
#microsoft
Information security
fromSecurityWeek
3 days ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.
Information security
fromSecurityWeek
5 days ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
Information security
fromSecurityWeek
3 days ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.
Information security
fromSecurityWeek
5 days ago

Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities

Microsoft's Patch Tuesday updates address 165 vulnerabilities, including a critical SharePoint zero-day exploit tracked as CVE-2026-32201.
more#microsoft
Information security
fromTheregister
4 days ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.
Information security
fromSecurityWeek
3 days ago

Splunk Enterprise Update Patches Code Execution Vulnerability

Splunk has released fixes for high and medium-severity vulnerabilities in its products, including Splunk Enterprise, Cloud Platform, and MCP Server.
Information security
fromTheregister
4 days ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.
Information security
fromThe Hacker News
3 days ago

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A social engineering campaign exploits Obsidian to distribute PHANTOMPULSE trojan targeting financial and cryptocurrency sectors.
Information security
fromSecurityWeek
4 days ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
Information security
fromSecurityWeek
4 days ago

ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories

Multiple industrial giants have released new ICS security advisories addressing various vulnerabilities since the last Patch Tuesday.
Artificial intelligence
fromFuturism
1 month ago

AI Tools Are Supercharging Hackers

AI systems are increasingly weaponized for cybercrime, enabling hackers to exploit vulnerabilities at scale with minimal technical expertise, as demonstrated by recent attacks on Mexican government networks and global firewall systems.
#openai
Information security
fromTNW | Apps
4 days ago

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.
Information security
fromAxios
4 days ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Information security
fromWIRED
4 days ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
Information security
fromTNW | Apps
4 days ago

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

OpenAI is launching GPT-5.4-Cyber for cybersecurity, expanding its Trusted Access for Cyber program to thousands of verified defenders.
Information security
fromAxios
4 days ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Information security
fromWIRED
4 days ago

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model-and Strategy

OpenAI announced GPT-5.4-Cyber, emphasizing cybersecurity safeguards and the need for advanced protections in AI models.
more#openai
fromSecurityWeek
3 days ago

Ransomware Hits Automotive Data Expert Autovista

We are responding to a ransomware incident affecting certain Autovista systems in Europe and Australia. We appreciate our customers' patience as we work to respond to this incident in a disciplined manner.
Information security
Information security
fromSecurityWeek
5 days ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
fromLondon Business News | Londonlovesbusiness.com
2 months ago

The 10 best AI red teaming tools of 2026 - London Business News | Londonlovesbusiness.com

AI systems are becoming part of everyday life in business, healthcare, finance, and many other areas. As these systems handle more important tasks, the security risks they face grow larger. AI red teaming tools help organizations test their AI systems by simulating attacks and finding weaknesses before real threats can exploit them. These tools work by challenging AI models in different ways to see how they respond under pressure.
Artificial intelligence
Information security
fromThe Hacker News
5 days ago

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk findings surged by nearly 400% amid a 52% increase in raw alert volume, driven by AI-assisted development.
Information security
fromTechRepublic
1 week ago

Why Operationalizing AI Security Is the Next Great Enterprise Hurdle

Security operations lag behind rapid tech advancements, leading to inefficiencies and risks in managing numerous security tools.
fromDevOps.com
1 week ago

Is Your AI Agent Secure? The DevOps Case for Adversarial QA Testing - DevOps.com

The most dangerous assumption in quality engineering right now is that you can validate an autonomous testing agent the same way you validated a deterministic application. When your systems can reason, adapt, and make decisions on their own, that linear validation model collapses.
Information security
Information security
fromThe Hacker News
1 week ago

Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps

Multi-OS attacks complicate SOC operations, leading to delays, fragmented evidence, and increased escalation volume, ultimately allowing attackers more time to operate.
Information security
fromThe Hacker News
3 weeks ago

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

AWS Bedrock's connectivity makes it powerful but also exposes it to multiple attack vectors that can compromise enterprise data.
Information security
fromTheregister
1 month ago

CISA says n8n critical bug exploited in real-world attacks

CISA mandates immediate patching of CVE-2025-68613, a critical 9.9-severity remote code execution vulnerability in n8n workflow automation platform affecting over 103,000 users.
Information security
fromThe Hacker News
1 month ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
fromTheregister
1 month ago

Manage attack infrastructure? AI agents can now help

AI agents enable cybercriminals and nation-state hackers to automate reconnaissance, infrastructure management, and attack planning, significantly increasing the speed and scale of cyberattacks.
Information security
fromSecuritymagazine
1 month ago

Would You Trust an AI Pentester to Work Solo?

AI-powered pentesting excels at speed and pattern recognition but requires human guidance to validate contextual vulnerabilities and novel attack paths that matter most to organizations.
Information security
fromTheregister
2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.
Information security
fromThe Hacker News
2 months ago

Winning Against AI-Based Attacks Requires a Combined Defensive Approach

Offensive AI and novel evasion techniques enable adversaries to autonomously generate, conceal, and adapt malware to bypass legacy endpoint defenses like EDR and AV.
Information security
fromSecurityWeek
2 months ago

Organizations Warned of Exploited Linux Vulnerabilities

Critical GNU Inetutils telnetd authentication bypass (CVE-2026-24061) enables remote root via crafted Telnet USER variable, and kernel integer overflow (CVE-2018-14634) permits privilege escalation.
fromThe Hacker News
1 month ago

ThreatsDay Bulletin: Kali Linux + Claude, Chrome Crash Traps, WinRAR Flaws, LockBit & 15+ Stories

The average e-crime breakout time - the period between initial access and lateral movement onto another system - dropped to 29 minutes, a 65% increase in speed from 2024. One such intrusion undertaken by Luna Moth targeting a law firm moved from initial access to data exfiltration in four minutes.
Information security
Information security
fromThe Hacker News
2 months ago

My Day Getting My Hands Dirty with an NDR System

NDR enables network threat hunting and incident response by providing accessible, user-friendly tools that accelerate analysis and fit into SOC workflows for mid-to-elite operations.
Information security
fromComputerWeekly.com
1 month ago

Application exploitation back in vogue, says IBM cyber unit | Computer Weekly

Cyber attacks exploiting vulnerable public-facing applications increased 44%, surpassing credential abuse attacks, with AI tools accelerating vulnerability discovery and exploitation.
[ Load more ]