Researchers detail how a prompt injection attack bypassed Apple Intelligence protections

A now corrected issue let researchers circumvent Apple’s restrictions and force the on-device LLM to execute attacker-controlled actions.
SecurityWeek

Apple Intelligence AI Guardrails Bypassed in New Attack

“RSAC estimates that there were at least 200 million Apple Intelligence-capable devices in consumers’ hands as of December ...
MUO on MSN

Yes, you can get malware just by visiting a website

It's not even your browser's fault.
IEEE

Bilevel Cyber-Induced Overloads Mechanism for False Data Injection Attacks Considering Post-Attack Economic Dispatch

Abstract: False data injection (FDI) attacks can mislead the system operator to conduct incorrect dispatch decisions, causing cyber-induced physical line overloads. However, traditional false data is ...

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
SecurityWeek

Google DeepMind Researchers Map Web Attacks Against AI Agents

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...
Cryptopolitan

Supply chain attack on Axios could compromise crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...