Ars Technica

Newly detected SQL injection attack snags Apple in wide net

A new series of mass SQL injection attacks has planted links to malware sites and hidden iframes in over a million webpages, including parts of Apple’s website. The technique is similar to a standard ...
Computer Weekly

NCSC warns of confusion over true nature of AI prompt injection

Malicious prompt injections to manipulate generative artificial intelligence (GenAI) large language models (LLMs) are being ...
Ars Technica

Week in Apple: kickbacks, SQL attacks, and Facebook

It was a quiet week in Apple news, but the company still got snagged in some SQL injection attacks, a former manager was charged with taking kickbacks, and Facebook added check-ins to its iPhone app.
Yahoo Finance

Perplexity Comet Flaw Exposed User Data to Attackers, Brave Reports

Brave Software has uncovered a security flaw in Perplexity AI’s Comet browser that showed how attackers could trick its AI assistant into leaking private user data. In a proof-of-concept demo ...
Bleeping Computer

CISA urges devs to weed out OS command injection vulnerabilities

CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping. Velvet Ant, the Chinese state-sponsored threat ...

Prompt injection attacks might 'never be properly mitigated' UK NCSC warns

Prompt injection and SQL injection are two entirely different beasts, with the former being more of a "confusable deputy".