GovInfoSecurity

Breach Roundup: Mr. Raccoon Wants Your Password

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...
GitHub

activity_omtg__coding_003__sql__injection__content__provider.xml

xmlns:android="http://schemas.android.com/apk/res/android" xmlns:app="http://schemas.android.com/apk/res-auto" ...
GitHub

content_omtg__coding_003__sql__injection.xml

android:layout_height="match_parent" android:paddingLeft="@dimen/activity_horizontal_margin" android:paddingRight="@dimen/activity_horizontal_margin" android ...
SecurityWeek

Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google

Google has analyzed AI indirect prompt injection attempts involving sites on the public web and noticed an increase in ...

Three AI coding agents leaked secrets through a single prompt injection. One vendor's system card predicted it

A prompt injection attack hit Claude Code, Gemini CLI, and Copilot simultaneously. Here's what all three system cards reveal ...
CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
PC World

Conduent hack exposed 25 million medical, Social Security records

Conduent, a major data processor for government programs like Medicaid and private insurers, suffered a breach affecting 25 million Americans’ medical and Social Security records. PCWorld reports the ...
The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.
Indiatimes

McKinsey realises the risk of rapid adoption of AI after hackers gain access to 46.5 million employee chat messages, 728000 ‘sensitive files’ and ...

McKinsey & Company rushed to patch a serious security flaw in its internal AI platform after a cybersecurity researcher gained access to tens of millions of employee chat messages and hundreds of ...
CNN

Pro-Iran hackers claim cyberattack on major US medical device maker

A cyberattack claimed by pro-Iran hackers has caused a “global network disruption” to a major US medical device maker, according to a company statement. Michigan-based Stryker “is experiencing a ...
Forbes

WhatsApp And Signal Accounts Are Under Attack—What You Need To Know

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...