Latest news as of 5/23/2026, 5:33:43 AM
Bleeping Computer
Using only natural language instructions, researchers were able to bypass Google Gemini's defenses against malicious prompt injection and create misleading events to leak private Calendar data. [...]
Dark Reading
Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.
Dark Reading
The indirect prompt injection vulnerability allows an attacker to weaponize calendar invites to circumvent Google's privacy controls and access private data.
Bleeping Computer
Microsoft has released PowerToys 0.97, with a new mouse utility for multi-monitor setups and significant improvements to the Command Palette quick launcher. [...]
Graham Cluley
In episode 84 of The AI Fix, Graham and Mark stare straight into the digital abyss and ask the most important question of our age: "Is AI just a hungry ghost trapped in a jar?" Also this week, we explore how a shadowy group of disgruntled insiders is trying to destroy AI by poisoning its training data, how "vibe-coding" has stopped being a joke with even Linus Torvalds joining in, how Google’s AI health advice could have endangered lives, and why simply asking an AI the same question twice can turn it from clueless to near-omniscient. Oh, and AI has managed to crack some famously unsolved maths problems in minutes, and Grok gains access to all of the Pentagon's networks? What could possibly go wrong? All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Bleeping Computer
Identity-based attacks are one of the primary paths attackers use to breach corporate networks. Tenfold shows how Identity Threat Detection helps spot suspicious account activity before real damage occurs. [...]
Bleeping Computer
Learn how security leaders and SOC teams can work together to close the gap between platform decisions and operational needs. Join Sumo Logic and BleepingComputer on January 29 for a practical webinar on aligning security tools with real-world workflows. [...]
The Hacker News
Cybersecurity researchers have uncovered a new phishing campaign that exploits social media private messages to propagate malicious payloads, likely with the intent to deploy a remote access trojan (RAT). The activity delivers "weaponized files via Dynamic Link Library (DLL) sideloading, combined with a legitimate, open-source Python pen-testing script," ReliaQuest said in a report shared with
The Hacker News
A set of three security vulnerabilities has been disclosed in mcp-server-git, the official Git Model Context Protocol (MCP) server maintained by Anthropic, that could be exploited to read or delete arbitrary files and execute code under certain conditions. "These flaws can be exploited through prompt injection, meaning an attacker who can influence what an AI assistant reads (a malicious README,
The Register
Update Chainlit to the latest version ASAP. Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework Chainlit put major enterprises' cloud environments at risk of leaking data or even full takeover, according to cyber-threat exposure startup Zafran.…