Security Boulevard

The Chrome Extension Backdoor: How ‘Productivity Tools’ Became Enterprise Attack Vectors

Millions installed 'productivity' Chrome extensions that became malware after acquisition. Here's how browser extensions became enterprise security's weakest link.
Cybernews

AI agents are too easy to fool, with websites now littered with hidden “system override ...

Researchers at Unit 42, a security arm of Palo Alto Networks, have documented real-world attacks, and they’re as dumb as it gets. Hidden text on websites simply asks AI to “ignore previous ...

Until last month, attackers could've stolen info from Perplexity Comet users just by ...

If you wanted to steal local files from someone using Perplexity's Comet browser, until last month you could just schedule ...
Dark Reading

Bug in Google's Gemini AI Panel Opens Door to Hijacking

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources ...

Modern PDF platforms are becoming high-risk attack surfaces

Modern PDF platforms can now function as full attack gateways rather than passive document viewers.

Fake CAPTCHA Scam Tricks Windows Users Into Installing Malware

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.
winbuzzer.com

Google Translate’s Gemini Mode is Vulnerable to Prompt Injection

Google Translate can be tricked into generating dangerous content instead of translations through simple prompt injection attacks discovered this week that exploit its Gemini AI foundation. A Tumblr ...
Forbes

When AI Agents Turn Against You: The Prompt Injection Threat Every Business Leader Must ...

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Prompt injection attacks can manipulate AI behavior in ways that traditional cybersecurity ...
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Why the first AI-orchestrated espionage campaign changes the agent security conversation Provided byProtegrity From the Gemini Calendar prompt-injection attack of 2026 to the September 2025 ...
Harvard Medical School

Why AI Keeps Falling for Prompt Injection Attacks

Bruce Schneier and Barath Raghavan explore why LLMs struggle with context and judgment and, consequently, are vulnerable to prompt injection attacks. These 'attacks' are cases where LLMs are tricked ...
IEEE

A Novel Ultrasonic Phased-Array Injection Attack on Voice-Controlled Devices

Abstract: Ultrasonic injection attacks have emerged as a critical security threat to voice-controlled devices in the Internet of Things (IoT).However, most existing attack methods are limited to ...
Ars Technica

ChatGPT falls to new data-pilfering attack as a vicious cycle in AI continues

There’s a well-worn pattern in the development of AI chatbots. Researchers discover a vulnerability and exploit it to do something bad. The platform introduces a guardrail that stops the attack from ...