The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some ...

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

PromptArmor, a security firm specializing in the discovery of AI vulnerabilities, reported on Wednesday that Cowork can be ...
InfoWorld

Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs

Update to the latest version and monitor for unexpected .git directories in non-repository folders, developers are told.
SecurityWeek

Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure

Vulnerabilities in Anthropic MCP server could be exploited via prompt injections to execute arbitrary code and read/delete ...

Gemini AI assistant tricked into leaking Google Calendar data

Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt ...
CSO Online

Google Gemini flaw exposes new AI prompt injection risks for enterprises

A calendar-based prompt injection technique exposes how generative AI systems can be manipulated through trusted enterprise ...

Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks

Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code.
Dark Reading

Google Gemini Flaw Turns Calendar Invites Into Attack Vector

The indirect prompt injection vulnerability allows an attacker to weaponize Google invites to circumvent privacy controls and ...
SecurityWeek

Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore

Cybersecurity experts share insights on securing Application Programming Interfaces (APIs), essential to a connected tech ...
Security Boulevard

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM ...