DataBreachToday

Breach Roundup: Mr. Raccoon Wants Your Password

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
Crypto Briefing

AI coding agents hacked via prompt injection, impacting Google and Anthropic markets

AI coding agents from Anthropic and Google were hacked, leading to a drop in confidence; Google’s top AI model by June 2026 ...
SecurityWeek

Exploited Vulnerability Exposes Nginx Servers to Hacking

A critical Nginx UI vulnerability that allows attackers to take full control of servers has been exploited in the wild.

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...
Hackaday

Cellphone Hacks

You may or may not be reading this on a smartphone, but odds are that even if you aren’t, you own one. Well, possess one, anyway — it’s debatable if the locked-down, one-way relationships we have with ...