Prompt Injection
-
ChatGPhish flaw can turn ChatGPT summaries into phishing lures
Researchers disclosed ChatGPhish, a ChatGPT flaw that can render malicious links, images and QR codes inside summaries of web pages. The technique may leak browser details and create a new phishing surface during normal browsing.
-
Google patches Antigravity IDE flaw that could enable code execution
Google has patched a flaw in its Antigravity agentic IDE that researchers said could allow code execution through a file-search tool and a bypass of the app’s Strict Mode security controls.
-
Google patched Antigravity sandbox escape bug after prompt injection research
Google fixed an Antigravity vulnerability after researchers said prompt injection could combine with a file-creation capability to bypass secure mode and enable remote code execution in the AI developer tool.
-
Grafana AI flaw could expose enterprise data in zero-click attack
Researchers say a critical Grafana flaw could let attackers use AI-powered dashboards to exfiltrate sensitive data without authentication. Grafana reportedly validated the issue and released a fix after disclosure by Noma Security.
-
CNCERT warns OpenClaw flaws could allow endpoint takeover
China’s CNCERT warned that OpenClaw, a self-hosted AI agent, has weak defaults and high privileges that could let attackers seize endpoints. Indirect prompt injection and malicious repositories are cited as exploitation paths.
-
Three flaws in Anthropic mcp-server-git could expose files and enable code execution
Three vulnerabilities in Anthropic’s mcp-server-git could expose or overwrite files and enable code execution in chained attacks. Patches were released in versions 2025.9.25 and 2025.12.18 after a technical analysis by Cyata.
-
Researchers disclose Gemini prompt injection that used calendar invites to exfiltrate meeting data
A Miggo Security technical analysis shared with The Hacker News revealed an indirect prompt injection that used Google Calendar invites to extract private meeting details from Google Gemini. The flaw was fixed after responsible disclosure.
-
Reprompt attack could exfiltrate Microsoft Copilot data with one click
Researchers disclosed Reprompt, a method that can use a single Copilot URL click to inject prompts and enable hidden, ongoing data exfiltration. Microsoft has addressed the issue and enterprise Copilot customers are not affected.
-
AI agents flagged as new insider threat in 2026 by Palo Alto report
A Palo Alto Networks predictions report warns that AI agents are a new insider threat in 2026, as Gartner forecasts that 40 percent of enterprise apps will adopt task-specific agents. The report highlights privilege risk, prompt injection and defensive uses.
-
Google adds User Alignment Critic to Chrome to protect Gemini agentic browsing
Google is introducing a separate, isolated LLM called User Alignment Critic in Chrome to vet actions taken by Gemini-powered agentic browsing. The architecture also uses origin restrictions, user prompts for sensitive steps, prompt-injection detection and automated red-teaming; Google is offering bounties up to $20,000 and has not given a public rollout date.