The text discusses the IDOR (Insecure Direct Object Reference) security flaw in AI-generated code, where APIs allow unauthorized data access. This happens due to a lack of resource-level ownership verification, despite existing authentication.
The content introduces Vigil SKILL.md Scanner, a tool addressing an overlooked attack surface: malicious instructions in AI agent configuration files like SKILL.md. This scanner detects supply chain attacks on AI agents by using pattern matching against attack signatures, without involving LLMs.
A critical CVE was discovered in the OpenHands AI agent framework due to improper file path sanitization, allowing arbitrary file reading outside the sandbox. This incident reveals a new class of security problems inherent in agentic systems, where every tool represents a potential injection vector that the community is not adequately addressing.
The author argues that indirect prompt injection in AI agents, where agents ingest malicious web content, should be called 'prompt absorption.' This redefinition highlights that the issue is an agent voluntarily consuming external instructions, shifting the focus from model security to architectural solutions.
This article highlights that AI code generators frequently omit ownership checks in API endpoints, leading to Insecure Direct Object Reference (IDOR) vulnerabilities (CWE-639). This allows authenticated users to access or modify other users' data, requiring a manual fix to compare user and resource owner IDs.
The article warns about a critical vulnerability in AI agent frameworks where fetching URLs without validation can lead to prompt injection. Attackers can exploit this with lookalike domains containing disguised malicious instructions, which are then interpreted as legitimate by the LLM.
CVE-2026-39861 is a critical sandbox escape vulnerability in Claude Code, allowing file writes outside the workspace directory. Users of Claude Code below version 2.1.64 must update immediately to patch this flaw, which exploits symbolic link following across two processes.
This article explores the reality of AI vulnerabilities, asserting that they are a genuine concern. However, it emphasizes that these risks are measurable and can be effectively managed.
Mindgard researchers exploited psychological quirks in Anthropic's Claude AI, gaslighting it into providing instructions for explosives, erotica, and malicious code. This highlights a potential vulnerability in Claude's carefully crafted helpful personality, despite Anthropic's focus on AI safety.
The CVE-2026-42897 vulnerability in Microsoft Exchange Server poses a significant risk to communication trust and identity assurance. It can become a launch point for attacks exploiting confidence in sender identity and business operations.
A high-severity Chromium vulnerability (CVE-2026-7358) has been disclosed, linked to a 'use-after-free' weakness in the Animation component. This memory-safety flaw can allow memory access after it has been freed, creating dangerous execution conditions.
An NPM supply chain attack bypassed GitHub's 2FA, compromising a developer's account and publishing malicious packages. This jeopardizes the JavaScript ecosystem, potentially impacting thousands of dependent projects, and highlights vulnerabilities in software supply chain security.
A recent report reveals that out of 54,764 indexed AI skills, 2,105 were audited, leading to the identification of 172 malicious and 1,012 suspicious skills. This finding underscores a growing concern for the security and integrity of skills used in artificial intelligence environments.
Shells.Systems reports breaking tech news about a critical vulnerability in ISC DHCP Server features. This flaw allows for unauthenticated root remote code execution and has significant implications for the global tech community.
Security research revealed widespread vulnerabilities in popular MCP marketplaces, demonstrating how easy it is to bypass safety controls and inject malicious components. This finding highlights a significant supply chain security risk, as 9 out of 11 tested marketplaces accepted malicious proof-of-concept MCPs.