No, McDonald’s AI bot didn’t go rogue, but ‘prompt injection’ is still a risk for companies

Once the bot broke character, users had unrestricted, unpaid access to a premium language model directly through the Amazon ...

YubiKey Manager: Security vulnerability allows execution of injected code

Yubico warns of a search path vulnerability in YubiKey Manager, libfido2 and python-fido2. Updates fix the bugs.
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
Dark Reading

Bad Memories Still Haunt AI Agents

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...

Talking to AI agents is one thing — what about when they talk to each other? New startup Band debuts 'universal orchestrator'

Already, BAND's early users — and enterprises more broadly — are mixing and matching AI agents powered by models from various ...
eWeek

The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts

Learn prompt engineering with this practical cheat sheet covering frameworks, techniques, and tips to get more accurate and ...

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
Analytics India Magazine

New Research Finds Seven ‘Deadly’ Vulnerabilities in AI Benchmarks

A team of researchers from UC Berkeley have demonstrated that eight AI agent benchmarks can be manipulated to produce ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...