The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users

Exclusive: Researchers who found the flaws scored beer money bounties and warn the problem is probably pervasive ...
The Hacker News

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two Composer flaws (CVE-2026-40176, CVE-2026-40261) allow command execution via Perforce configurations, prompting urgent ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
Cryptopolitan on MSN

G. Love loses $424K in Bitcoin after falling for fake Ledger app as crypto scams surge

American musician Garrett Dutton, also known as G. Love of G. Love & Special Sauce, has had all his Bitcoin stolen in a hack.
Live Bitcoin News

LLM Routers Are Stealing Crypto: What This Study Found

A new arxiv study finds 26 LLM API routers injecting malicious code and draining ETH wallets, exposing a hidden supply chain ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
XDA Developers on MSN

I keep finding vibe coded apps that leak user data, and I'm not even looking for it

Vibe coding platforms are powerful, but users often don't know what they created.
Cybernews

Researchers hijack popular AI agents from Anthropic, Google, and Microsoft: vendors choose to stay silent

According to researchers, this is the first public cross-vendor demonstration of a single prompt injection pattern across ...
Blue Headlineq

Amazon RuleForge Shows What Agentic AI Security Looks Like at Real Scale

Security teams do not just have a vulnerability problem anymore. They have a translation problem. In 2025, the National Vulnerability Database published more than 48,000 new CVEs.