AI agent hacked McKinsey chatbot for read-write access
…Agent hacked McKinsey's chatbot and gained full read-write access in just two hours David and Goliath…but with AI agents Researchers at red-team security startup CodeWall say their AI…
…All of the other IDEs and vendors – including Google, Microsoft, and Anthropic – said this was a known issue, or not a valid security vulnerability because it requires explicit user permission to modify…
Security AI supply chain attacks don’t even require malware…just post poisoned documentation A proof-of-concept attack on Context Hub suggests there's not much content sanitization A new service…
Cyber-crime Meta, international cops use handcuffs and AI to stop scammers 150k accounts nuked, 21 suspects arrested Not every scam starts with malware or a compromised account. Sometimes all it takes…
…Mario Rodriguez, GitHub's chief product officer, would rather you didn't. "By participating, you'll help our models better understand development workflows, deliver more accurate and secure code pattern suggestions, and…
Security Critical Microsoft Excel bug weaponizes Copilot Agent for zero-click information disclosure attack Could steal sensitive personal and financial data After a whopper of a Patch Tuesday last month, with six…
…Signal remains a highly secure way to exchange messages, but not even the best end-to-end encryption can stop intruders if users invite them in. The FBI and CISA offer standard…
…AI agents can reason, decide and act - liability question remains AI supply chain attacks don't even require malware…just post poisoned documentation GitHub hits CTRL-Z, decides it will train its…
Security Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users Researchers who found the flaws scored beer money bounties and warn the problem is probably…
…through corporate email inboxes and steal financial data. "Since March 15, 2026, we have observed 10 to 15 distinct campaigns launching every 24 hours," Microsoft VP of security research Tanmay Ganacharya told…