Researcher Chains a Guardrail Bypass With a Path Traversal Flaw to Access System Files in ChatGPT
A proof-of-concept disclosed by researcher zer0dac combined social engineering against ChatGPT's own safety logic with a path traversal bug to retrieve restricted system files through the platform's file...
DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent sandbox via prompt injection with no user interaction...
SiderAI and MaxAI Chrome Extensions Expose 10 Million Users to Full Browser Compromise
Critical vulnerabilities dubbed Spyder and MaXSS have been discovered in the SiderAI and MaxAI Chrome extensions, which together are installed on over 10 million devices. The flaws allow...
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging app notifications, bypassing all of Google patched defenses...