Latest news
Vulnerability
GitLost: How a Single GitHub Issue Can Trick AI Agents Into Leaking Private Repos
8 July 2026 dark6
Researchers at Noma Labs disclosed GitLost, a prompt-injection flaw that let a single crafted GitHub Issue trick AI-powered Agentic Workflows...
Vulnerability
DuneSlide: Critical Zero-Click RCE Bugs in Cursor IDE Put Fortune 500 Developer Machines at Risk
2 July 2026 dark6
Two critical zero-click RCE vulnerabilities (CVE-2026-50548, CVE-2026-50549) in Cursor IDE, dubbed DuneSlide, allow attackers to escape the AI coding agent...
Vulnerability
Microsoft Warns: Claude Code GitHub Action Exploitable via Prompt Injection to Leak CI/CD Secrets
8 June 2026 dark6
Microsoft Threat Intelligence disclosed a prompt injection flaw in the Claude Code GitHub Action that allowed attackers to access /proc/self/environ...
AI
OpenAI Launches ChatGPT Lockdown Mode to Block Prompt Injection Data Exfiltration
8 June 2026 dark6
OpenAI has released ChatGPT Lockdown Mode, a new security feature that disables outbound network capabilities to cut off data exfiltration...
Vulnerability
Google Gemini Voice Assistant Hijacked via WhatsApp, Slack and SMS: Researchers Bypass All Google Defenses
5 June 2026 dark6
SafeBreach researchers demonstrate how attackers can silently hijack Google Gemini through malicious payloads in WhatsApp, Slack, SMS, and other messaging...
AI
AI Supply Chain Attack: 575+ Malicious Skills on Hugging Face and ClawHub Deliver Trojans, Cryptominers, and AMOS Stealer
9 May 2026 dark6
Threat actors have uploaded 575+ malicious AI skills to ClawHub's OpenClaw ecosystem and abused Hugging Face repositories to deliver trojans,...