SecurityWeek

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.
TechRepublic

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk

Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk Your email has been sent A vulnerability in a widely used WordPress accessibility plugin could allow ...

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites

An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without ...
Security Boulevard

LeakyLooker: Hacking Google Cloud’s Data via Dangerous Looker Studio Vulnerabilities

Tenable Research revealed "LeakyLooker," a set of nine novel cross-tenant vulnerabilities in Google Looker Studio. These flaws could have let attackers exfiltrate or modify data across Google services ...
The Hacker News

How to Protect Your SaaS from Bot Attacks with SafeLine WAF

SafeLine self-hosted WAF blocks SaaS bot abuse with 99.45% accuracy, cutting fake sign-ups and stabilizing CPU usage.
VentureBeat

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Run a prompt injection attack against Claude Opus 4.6 in a constrained coding environment, and it fails every time, 0% success rate across 200 attempts, no safeguards needed. Move that same attack to ...
GitHub

SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS). Attack vector: More severe the more the remote (logically and ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
CSOonline

Google Gemini flaw exposes new AI prompt injection risks for enterprises

A newly disclosed weakness in Google’s Gemini shows how attackers could exploit routine calendar invitations to influence the model’s behavior, underscoring emerging security risks as enterprises ...
Ars Technica

A single click mounted a covert, multistage attack against Copilot

Microsoft has fixed a vulnerability in its Copilot AI assistant that allowed hackers to pluck a host of sensitive user data with a single click on a legitimate URL. The hackers in this case were white ...
ZDNet

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

OpenAI built an "automated attacker" to test Atlas' defenses. The qualities that make agents useful also make them vulnerable. AI security will be a game of cat and mouse for a long time. OpenAI is ...
TechCrunch

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...