A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute attacker-controlled actions.

“RSAC estimates that there were at least 200 million Apple Intelligence-capable devices in consumers’ hands as of December ...

It's not even your browser's fault.

Abstract: False data injection (FDI) attacks can mislead the system operator to conduct incorrect dispatch decisions, causing cyber-induced physical line overloads. However, traditional false data is ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

Large language models are inherently vulnerable to prompt injection attacks, and no amount of hardening will ever fully close that gap. The imbalance between available attacks and available ...

AI assistants are rapidly becoming a core part of workplace productivity, but new research suggests they may also introduce a previously overlooked phishing vector. Permiso researchers found that ...