Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

In 2025 and 2026, several independent sources have highlighted the same trend: Prompt injection remains one of the most ...
The Hacker News

Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability

Island found dormant JavaScript injection paths in Adblock for YouTube, a Chrome extension with 10M+ installs, raising ...

Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
Searchenginejournal.com

WebMCP Can Be Used To Hijack AI Agents, Chrome Warns

Google Chrome is warning developers that WebMCP tools can be used to manipulate and hijack AI agents. New guidance outlines how attackers can manipulate agents operating in a user’s browser, including ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Security Boulevard

When Proxies Become Attack Vectors Through Header Injection

Many modern web applications rely on the flawed assumption that backends can blindly trust security-critical headers from upstream reverse proxies. This assumption breaks down because HTTP RFC ...
Security Boulevard

Introducing Augustus: Open Source LLM Prompt Injection Tool

Last month we released Julius, a tool that answers the question: “what LLM service is running on this endpoint?” Julius identifies the infrastructure. But identification is only the first step. The ...
Dark Reading

AI Agents Undermine Progress in Browser Security

Browser security is far from perfect, but technologists and cybersecurity researchers have built a security model that, for the most part, works. However, artificial intelligence (AI) agents could be ...
The Business Journals

Enable Injections raises $30M in midst of $120M manufacturing push

To continue reading this content, please enable JavaScript in your browser settings and refresh this page. Preview this article 1 min One of Cincinnati's best-funded ...
SlashGear

5 Reasons Why You Should Not Switch To An AI Browser

The topic of artificial intelligence is the talk of the town right now. If you turn on the TV to your local news station, odds are you'd hear the "AI" abbreviation more times than you can count. There ...
LinkedIn

How to Detect and Prevent JavaScript Injection Attacks on Websites

Most modern sites run significant third-party code in the user’s browser. The Web Almanac 2022 reports that the top 1,000 sites load an average of 43 third-party domains on mobile and 53 on desktop, ...