Microsoft

Detecting and analyzing prompt abuse in AI tools

Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.

Fortinet closes brute-force and command injection flaws in FortiWeb & Co.

Fortinet closes flaws in FortiWeb and FortiManager, allowing command injection, among other things. FortiGate firewalls were ...

Hackers Pose as IT Staff in Microsoft Teams to Install Malware

Hackers are impersonating IT staff in Microsoft Teams to trick employees into installing malware, giving attackers stealthy access to corporate networks.
Cybernews

AI agents are too easy to fool, with websites now littered with hidden “system override” commands

Don’t act surprised when your AI agent starts printing millions of pages of cabbages, deletes an entire system partition, or sends your life savings to fraudsters – they’re just being helpful.
CSOonline

VMware fixes command injection flaw in Aria Operations

Two other flaws were patched by the virtualization vendor, impacting Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure as well. VMware has released patches for several high- and ...
winbuzzer.com

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

Microsoft patched a high-severity command injection vulnerability in Windows Notepad through its February 2026 Patch Tuesday updates that allows attackers to execute malicious code remotely via ...
VentureBeat

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to ...
SecurityWeek

SAP’s January 2026 Security Updates Patch Critical Vulnerabilities

Enterprise software maker SAP on Tuesday announced the release of 17 new security notes as part of its January 2026 Security Patch Day. Four of the notes address critical-severity vulnerabilities. The ...
Infosecurity-magazine.com

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Researchers at Koi Security have found that three of Anthropic’s official extensions for Claude Desktop were vulnerable to prompt injection. The vulnerabilities, reported through Anthropic's HackerOne ...
GitHub

Apache Airflow has a command injection vulnerability in "example_dag_decorator"

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack Vector: This metric reflects the context by which vulnerability ...
Bleeping Computer

TP-Link warns of critical command injection flaw in Omada gateways

TP-Link is warning of two command injection vulnerabilities in Omada gateway devices that could be exploited to execute arbitrary OS commands. Omada gateways are marketed as full-stack solutions ...