Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...

Massive Chrome Extension Scam Exposes 20,000 Users to Data Theft

Researchers linked 108 malicious Chrome extensions to a coordinated campaign that exposed about 20,000 users to data theft, ...

GrafanaGhost: The AI That Leaked Everything Without Being Hacked

A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why ...
Healthline

Ozempic (Semaglutide): What to Know About Its Uses and Effects

Ozempic injection is approved by the Food and Drug Administration (FDA) for certain uses in people with type 2 diabetes. It can be prescribed off-label to help with weight loss, but it’s not approved ...

108 malicious Chrome extensions found stealing data and injecting ads into every page you visit

Security researchers have uncovered a new coordinated campaign which uses malicious extensions to steal user data and hijack browsing sessions.
Security Boulevard

Your MCP Server Is a Resource Server Now. Act Like It.

Without an identity layer, AI agents accessing enterprise tools create real exposure: data exfiltration through unscoped ...