Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable.

The company says it has no evidence the bug was exploited before October’s patch, but researchers say AI agent configuration can still enable prompt-injection style abuse.

Roughly 100,000 servers running the automated workflow platform for AI and other enterprise tools are potentially exposed to exploitation.

OpenAI is warning that prompt injection, a technique that hides malicious instructions inside ordinary online content, is becoming a central security risk for AI agents designed to…

The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database.

Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November.

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE…

Researchers said attackers linked to Russia’s military intelligence agency have moved from vulnerability exploits to focus on poorly configured network edge devices to keep its access to…

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

The comments echo many in the research community who have said the flaw is an inherent trait of generative AI technology.