What’s the first thing you think of when you hear about AI security threats and vulnerabilities? If you’re like most people, your mind probably jumps to Large Language Model (LLM) ...
Source Code Exfiltration in Google Antigravity. TL;DR: We explored a known issue in Google Antigravity where attackers can ...
Developer-first security tool blocks AI manipulation attacks in under 100 milliseconds with a single API call Our goal ...
A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and potentially leverage the IDE’s privileges to perform system tasks.
A new type of attack on artificial intelligence (AI) coding agents lets threat actors convince users to give permission to the AI to do dangerous things that ultimately could result in a software ...
The ConnectWise ScreenConnect vulnerability, which earlier this year was identified as a potential way for threat actors to perform ViewState code injection attacks, is now being exploited, according ...
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and can be exploited to execute remote code with developer privileges. The ...