Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute ...
SecurityWeek

Apple Intelligence AI Guardrails Bypassed in New Attack

“RSAC estimates that there were at least 200 million Apple Intelligence-capable devices in consumers’ hands as of December ...
MUO on MSN

Yes, you can get malware just by visiting a website

It's not even your browser's fault.
IEEE

Bilevel Cyber-Induced Overloads Mechanism for False Data Injection Attacks Considering Post-Attack Economic Dispatch

Abstract: False data injection (FDI) attacks can mislead the system operator to conduct incorrect dispatch decisions, causing cyber-induced physical line overloads. However, traditional false data is ...

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
Dark Reading

Grafana Patches AI Bug That Could Have Leaked User Data

By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
SecurityWeek

Google DeepMind Researchers Map Web Attacks Against AI Agents

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...