News

AI-powered Cursor IDE vulnerable to prompt-injection attacks
A vulnerability that researchers call CurXecute is present in almost all versions of the AI-powered code editor Cursor, and ...
CSOonline1mon
First-ever zero-click attack targets Microsoft 365 Copilot
EchoLeak shows that enterprise-grade AI isn’t immune to silent compromise, and securing it isn’t just about patching layers. “AI agents demand a new protection paradigm,” Garg said.
Townhall28d
To Win the Tech Arms Race, America Can’t Ignore Microsoft’s ...
The “EchoLeak,” as the security flaw is known, is the first known AI security vulnerability that doesn’t require users to click a link to become infected.
Hosted on MSN1mon
Hackers successfully attacked an AI agent, Microsoft fixed the flaw ...
But, as the report by Fortune suggests, the vulnerability had a name, EchoLeak, and behind it, a sobering truth: hackers had figured out how to manipulate an AI assistant into leaking private data ...
Hosted on MSN1mon
First ever security flaw detected in an AI agent, could allow ... - MSN
The vulnerability, called EchoLeak, allowed attackers to silently steal sensitive data from a user's environment by simply sending them an email. No clicks, downloads, or user actions were needed.
Morningstar1mon
Aim Security Launches Aim Labs with Elite Researchers ... - Morningstar
EchoLeak is a reminder that even robust, enterprise-grade AI tools can be leveraged for sophisticated and automated data theft," said Itay Ravia, Head of Aim Labs.