── CATEGORY FILTER ──
Cybersecurity • 9 articles

Cybersecurity articles

═══ CYBERSECURITY ═══
The Prompt Became a Taint Sink
GitHub CodeQL 2.26.0 added system prompt injection detection, pulling AI prompt security into ordinary static analysis and treating prompts like application inputs.
Browser Agents Read The Poisoned Page
Stanford's Real World AI Security conference put BrowseSafe on the program, and the paper shows why prompt injection in browser agents is a web-security problem with real actions attached.
The Bug Finder Became The Patch Factory
OpenAI's Daybreak expansion and Patch the Planet initiative show the AI security race moving from vulnerability discovery into patch production, maintainer burden, and controlled access.
Localhost Was The Hallway
Microsoft's AutoJack research showed how a browsing AI agent could turn a malicious web page into host-level code execution through a local MCP control plane.
The Build Script Was The Backdoor
The Atomic Arch campaign turned trusted-looking AUR packages into a route for rootkit-like credential theft. The old advice to read the build script is starting to look painfully small.
The Repo Opened Back
Microsoft-owned GitHub repositories were disabled after Miasma malware hit Azure and AI coding tool workflows. The repo is no longer passive infrastructure. It is part of the runtime.
The Support Bot Had The Keys
Hackers reportedly tricked Meta's AI support assistant into changing Instagram account emails and handing over reset flows. The failure lived in the permissions.
0wn3d By Slop
ChatGPhish turns ChatGPT page summaries into a phishing surface. The exploit is not glamorous. That is the problem.
The Agent Has Root
Sysdig captured an LLM-driven intrusion that moved from a vulnerable notebook server to an internal PostgreSQL dump in under an hour. The attacker did not need a better exploit. They needed a tireless operator.