CSO Online

Google Gemini flaw exposes new AI prompt injection risks for enterprises

A calendar-based prompt injection technique exposes how generative AI systems can be manipulated through trusted enterprise ...
The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Researchers found an indirect prompt injection flaw in Google Gemini that bypassed Calendar privacy controls and exposed ...
WinBuzzer

Security Flaw Resurfaces in Anthropic’s New Claude Cowork Tool Days After Launch

Anthropic has launched Cowork with a known data exfiltration vulnerability that researchers reported in October 2025 but ...

For January, Patch Tuesday starts off with a bang

The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day ...

All In One SEO WordPress Vulnerability Affects Over 3 Million Sites

A vulnerability in the AIOSEO plugin affecting up to 3 million installations adds to the six vulnerabilities found in 2025.

Fortinet closes security vulnerabilities in FortiOS, FortiSIEM, and more

Fortinet released updates for FortiOS and other products on Wednesday night. They fix, in some cases critical, ...
SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

The first round of SAP patches for 2026 resolves 19 vulnerabilities, including critical SQL injection, RCE, and code ...

SAP Patchday: Developers fix 17 security vulnerabilities in January

SAP addresses 17 security vulnerabilities on January Patchday. Four of them are considered critical security risks.
Security Boulevard

Are There IDORs Lurking in Your Code? LLMs Are Finding Critical Business Logic Vulns—and They’re Everywhere

Security teams have always known that insecure direct object references (IDORs) and broken authorization vulnerabilities exist in their codebases. Ask any ...

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do ...

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI, an open-source, self-hosted web interface for interacting with local or remote AI language models, carried a high ...
Gizmodo

OpenAI’s Outlook on AI Browser Security Is Bleak, but Maybe a Little More AI Can Fix It

As OpenAI and other tech companies keep working towards developing agentic AI, they’re now facing some new challenges, like how to stop AI agents from falling for scams. OpenAI said on Monday that ...