Anthropic’s browser agent got hijacked 31.5% of the time before safeguards engaged

Anthropic, OpenAI, Google, and Meta published prompt injection disclosures in 2026 — but no two measure the same thing. What ...

A Java library just tried to trick AI coding agents into deleting your tests, and it almost worked

The latest flare-up in the debate over AI-assisted coding did not come from a new model release or a benchmark result. It came from a single ...
Decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Hackers can hijack ChatGPT, Claude, and Gemini with nothing but a sentence. OpenAI says the problem may never be fully solved.
InfoWorldOpinion

How to stop the AI code generation treadmill

Piling on guardrails is the sign of a system permanently compensating for its own unreliability. There’s a better approach.

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source ...
Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...
Bleeping Computer

Actively exploited Apache ActiveMQ flaw impacts 6,400 servers

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability.
CSOonline

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java Spring ecosystem. Maintainers of Thymeleaf, a widely used template engine for ...
heise online

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of malicious code. In the “Apache Commons Text” library, developers have ...
InfoWorld

A fresh look at the Spring Framework

The Spring Framework is possibly the most iconic software development framework of all time. It once suffered from a reputation of bloat, but it has long since shed that perception. The heart of ...
GitHub

EasyDI - Dependency Injection for Java

EasyDI is a small dependency injection (DI) library for java projects. It's designed for small projects that don't need a full-blown DI-framework. To be as easy as possible EasyDI has fewer features ...
it-daily.net

SAP closes critical code injection gap in SAP S/4HANA

Just in time for the monthly Patch Day, SAP has published 26 security advisories, including four reports classified as particularly critical. The most serious vulnerability has a CVSS score of 9.9 and ...