Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
Decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious ...

Critical command injection vulnerability discovered in Universal Robots PolyScope 5

Universal Robots urges users to update PolyScope software following critical vulnerability ...
SecurityWeek

Critical Vulnerability Exposes Industrial Robot Fleets to Hacking

Universal Robots PolyScope 5 is affected by CVE-2026-8153, a vulnerability that can be exploited to hack industrial robots.
SecurityWeek

Exploit Code Published for Critical Flowise RCE Vulnerability

Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.

Ubiquiti patches three max severity UniFi OS vulnerabilities

Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges.
Opinion

Indirect Prompt Injection Is Now a Real-World AI Security Threat

AI agents are now being weaponized through prompt injection, exposing why model guardrails are not enough to protect enterprise data.
heise online

Cisco: Code injection vulnerability in Unity Connection and other flaws

Two vulnerabilities are found in Cisco's Unity Connection. The more severe one allows authenticated attackers from the network to inject and execute malicious code via manipulated API requests to the ...