Latest news

GitLost: How a Single GitHub Issue Can Trick AI Agents Into Leaking Private Repos
Vulnerability

GitLost: How a Single GitHub Issue Can Trick AI Agents Into Leaking Private Repos

8 July 2026 dark6

Researchers at Noma Labs disclosed GitLost, a prompt-injection flaw that let a single crafted GitHub Issue trick AI-powered Agentic Workflows...
DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
Vulnerability

DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk

2 July 2026 dark6

Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent...
Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets
Vulnerability

Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets

8 June 2026 dark6

Microsoft Threat Intelligence disclosed a prompt injection flaw in the Claude Code GitHub Action that allowed attackers to access /proc/self/environ...
OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration
AI

OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration

8 June 2026 dark6

OpenAI has released ChatGPT Lockdown Mode, a new security feature that disables outbound network capabilities to cut off data exfiltration...
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
Vulnerability

Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses

5 June 2026 dark6

SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer
AI

AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer

9 May 2026 dark6

Threat actors have uploaded 575+ malicious AI skills to ClawHub's OpenClaw ecosystem and abused Hugging Face repositories to deliver trojans,...