The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits ...

Follows suggestions iPhone-pwning toolset bears hallmarks of zero-days that targeted Russian diplomats Russian cybersecurity outfit Kaspersky is waving away claims that an iPhone exploit kit recently ...

Researchers said a sophisticated exploit kit with 23 iOS vulnerabilities is being used by espionage and cybercrime campaigns.

Research reveals 2,863 public Google API keys can access Gemini endpoints, enabling data exposure and massive billing abuse.

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and exfiltrate data.

An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...

Thousands of Google Cloud API keys available online may have given unauthorised access to sensitive Gemini AI endpoints, ...

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...

AI recommendations are decided upstream. Understand the 10-gate pipeline, where brands fail, and how small improvements ...

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally ...