Zscaler found attackers using SEO poisoning and hidden prompts in malicious websites to manipulate AI agents into making cryptocurrency payments.
Fake CVE exploit repos pull frint and skytext packages to steal researcher credentials, with servers still live as of July 1.
Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. However, ChocoPoC ...
LayerX found that AI browsers could be fooled by a fake game-like prompt called BioShocking, and some vendors haven't fixed ...
Researchers say a new jailbreak technique tricked AI models into treating attacker-written text as their own reasoning, ...