The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
MUO on MSN

Yes, you can get malware just by visiting a website

It's not even your browser's fault.
DataBreachToday

Grafana AI Bug Leaks Data With Zero-Click Exploit

A Grafana AI flaw enables zero-click data exfiltration by hiding malicious prompts in URLs, said a Noma Security report.
The Caledonian-Record

Aware Finds 98% of Organizations Signal Urgent Need for Biometric Orchestration as AI-Driven ...

A new report, The State of Biometric Security in the Age of AI Fraud, from Aware, Inc. (NASDAQ: AWRE), a global leader ...
Computer Weekly

April Patch Tuesday brings zero-days in Defender, SharePoint Server

The latest monthly Patch Tuesday update from Microsoft landed earlier on 14 April, including two notable zero-day flaws amid ...

Man City beat Chelsea to turn up heat on Arsenal

Manchester City take full advantage of leaders Arsenal's slip-up with victory at Chelsea to ignite an enthralling Premier ...
Cybernews

Axios patches critical vulnerability that allows attackers to steal cloud credentials

Axios, a widely used JavaScript library, is affected by a new critical vulnerability that enables attackers to chain exploits ...
Dark Reading

Microsoft, Salesforce Patch AI Agent Data Leak Flaws

Two recently fixed prompt injections in Salesforce Agentforce and Microsoft Copilot would have enabled an external attacker ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute ...
SecurityWeek

Apple Intelligence AI Guardrails Bypassed in New Attack

“RSAC estimates that there were at least 200 million Apple Intelligence-capable devices in consumers’ hands as of December ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...