Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks

Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code.

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security ...
The Register on MSN

Block CISO: We red-teamed our own AI agent to run an infostealer on an employee laptop

Agents must be 'safer and better than humans,' James Nettesheim tells The Reg exclusive When it comes to security, AI agents are like self-driving cars, according to Block Chief Information Security ...

The 11 runtime attacks breaking AI security — and how CISOs are stopping them

CrowdStrike's 2025 data shows attackers breach AI systems in 51 seconds. Field CISOs reveal how inference security platforms ...

Yes, criminals are using AI to vibe-code malware

"Everybody's asking: Is vibe coding used in malware? And the answer, right now, is very likely yes," Kate Middagh, senior ...
Opinion

IBM's AI agent Bob easily duped to run malware, researchers show

That's apparently the case with Bob. IBM's documentation, the PromptArmor Threat Intelligence Team explained in a writeup provided to The Register, includes a warning that setting high-risk commands ...
ZDNet

How OpenAI is defending ChatGPT Atlas from attacks now - and why safety's not guaranteed

OpenAI built an "automated attacker" to test Atlas' defenses. The qualities that make agents useful also make them vulnerable. AI security will be a game of cat and mouse for a long time. OpenAI is ...
The New York Times

What Is a Grief Attack?

Sudden surges of anguish can accompany intense mourning. That’s not unusual, experts say, and sometimes even helpful. By Christina Caron Jane Griffin, 71, knew that her husband was dying — he had been ...
TechCrunch

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...
CSOonline

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...
Forbes

‘It May Be Worse’—No Fix For New Google Chrome Attacks

Welcome to the future — but be careful. “Billions of people trust Chrome to keep them safe,” Google says, adding that "the primary new threat facing all agentic browsers is indirect prompt injection.” ...
CBSSports.com

Chelsea's Champions League attacking woes explained: Why Enzo Maresca's side have so few attacking chances

On the surface level, Chelsea's 2-1 defeat in Bergamo on Tuesday had the look of one inflicted on them by Enzo Maresca making the wrong adjustments at the back end of the pitch. A midfield of right ...