The latest update to CISA's Known Exploited Vulnerabilities catalog flags CVE-2025-37164, a code injection vulnerability in ...

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security ...

CISA warns that CVE-2025-37164, a maximum-severity HPE OneView vulnerability leading to remote code execution, has been exploited in the wild.

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could ...

Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway ...

Threat actors are exploiting CVE-2026-0625, a critical zero-day vulnerability in discontinued D-Link devices for remote code ...

A critical flaw in legacy D-Link DSL routers lets unauthenticated attackers run commands and hijack DNS, with active ...

Earlier this week, security researchers from VulnCheck announced finding a command injection vulnerability due to improper ...

"The affected endpoint is also associated with unauthenticated DNS modification ("DNSChanger") behavior documented by D-Link, ...

That's apparently the case with Bob. IBM's documentation, the PromptArmor Threat Intelligence Team explained in a writeup provided to The Register, includes a warning that setting high-risk commands ...

From data poisoning to prompt injection, threats against enterprise AI applications and foundations are beginning to move from theory to reality.

AI helps security teams move faster — but it’s also helping attackers do the same, turning cybersecurity into a race of ...