Dark Reading

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

The indirect prompt injection vulnerability allows an attacker to weaponize Google invites to circumvent privacy controls and ...
The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
Network World

F5 tackles AI security with new platform extensions

F5's Guardrails blocks prompts that attempt jailbreaks or injection attacks, and its AI Red Team automates vulnerability ...
WinBuzzer

Security Flaw Resurfaces in Anthropic’s New Claude Cowork Tool Days After Launch

Anthropic has launched Cowork with a known data exfiltration vulnerability that researchers reported in October 2025 but ...

For January, Patch Tuesday starts off with a bang

The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day ...

All In One SEO WordPress Vulnerability Affects Over 3 Million Sites

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.

Fortinet closes security vulnerabilities in FortiOS, FortiSIEM, and more

Fortinet released updates for FortiOS and other products on Wednesday night. They fix, in some cases critical, ...
SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

The first round of SAP patches for 2026 resolves 19 vulnerabilities, including critical SQL injection, RCE, and code ...

SAP Patchday: Developers fix 17 security vulnerabilities in January

SAP addresses 17 security vulnerabilities on January Patchday. Four of them are considered critical security risks.
Security Boulevard

Are There IDORs Lurking in Your Code? LLMs Are Finding Critical Business Logic Vulns—and They’re Everywhere

Security teams have always known that insecure direct object references (IDORs) and broken authorization vulnerabilities exist in their codebases. Ask any ...

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high-severity vulnerability that enabled account takeover and, in some cases, ...