Prompt Injection Became Serious Enough for ICML to Police in Peer Review
Prompt injection is an LLM attack that makes a model follow untrusted instructions hidden in user input or external content,…
-
-
VS Code Token Theft Lands; Soundbar Becomes a Keyboard; Web PKI Starts Moving; Espressif Raises the Floor; Elixir Typing Gets Real
The biggest security story today is VS Code token theft, not because one bug landed, but because it exposed how…
-
Red Hat Scope Turns Hostile; Weather Balloons Beat Public Models; FriendliAI Sells Spare GPU Cycles; CERN Anomaly Stays Below Discovery
The top story is the Red Hat npm incident, because it breaks the usual safety shortcut. Red Hat npm compromise…
-
Heretic Turns Guardrails Into Forks; AI Security Adds Another Alert Stream; Transformer Doubt Goes Public
The sharpest story today is Heretic, because it turns model safety from a lab policy into a forkable artifact. Elsewhere,…
-
GitHub says poisoned VS Code extension exposed 3,800 repos
GitHub said on 20 May that a compromised employee device running a poisoned VS Code extension led to the exfiltration…
-
Firefox Zero-Day: Mozilla Says Claude Mythos Found 271 Bugs
Mozilla said this week that its Firefox zero-day hardening work with an early version of Claude Mythos Preview helped identify…
-
11 Minutes, $1.73, and GPT-5.5 Cybersecurity Simulation
The UK AI Security Institute says GPT-5.5 cybersecurity simulation results now look a lot less like a one-off milestone and…
-
125 Words, No Account Cues: AI Identifies Writer From Style
Anthropic’s Claude Opus 4.7 reportedly identified journalist Kelsey Piper from 125 words of unpublished text, and the details of her…
-
SMS Blaster Bust Exposes the Limits of SMS Trust
Toronto police say they seized several devices they describe as an SMS blaster, a fake-cell-tower tool used to send fraudulent…
