A sandbox bypass in Cursor's agentic mode lets attackers poison shell environment variables through implicitly trusted built-ins, converting approved commands like git branch or python3 into arbitrary code execution.
CVEs, exploits, and security flaws in AI frameworks, models, and infrastructure.
A sandbox bypass in Cursor's agentic mode lets attackers poison shell environment variables through implicitly trusted built-ins, converting approved commands like git branch or python3 into arbitrary code execution.
A vulnerability in Discourse's AI content triage feature lets a malicious user craft a post that prompt-injects the LLM into returning JavaScript, which is then rendered unescaped in the admin review queue. Patch available.
Novee Security disclosed Cordyceps, a class of GitHub Actions vulnerabilities exploitable by any free GitHub account. AI coding agents are amplifying the problem by reproducing the same insecure patterns at scale.
Zafran Security disclosed four authorization vulnerabilities in Dify, the AI platform powering over one million applications, that allow cross-tenant AI conversation exfiltration — some without any authentication beyond a free account.
Johann Rehberger's DEF CON Singapore research demonstrates how indirect prompt injection chains into Microsoft Copilot's memory feature to plant a persistent backdoor — one that survives across every future session, not just the compromised one.