The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
Opinion
The Fast ModeOpinion

As AI Moves from Tool to Infrastructure, the Attack Surface Expands in Every Direction

AI has steadily woven itself into every corner of security, its influence is only beginning to take shape. Identity is expanding beyond people, compliance is becoming part of everyday defense, and the ...
Cloud Security Alliance

Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems

Explores LPCI, a new security vulnerability in agentic AI, its lifecycle, attack methods, and proposed defenses.
The Economist

Russia’s sabotage campaign is becoming bolder

One is that it marks an intensification of Russia’s cyber campaign in Europe. Russian hackers have long breached European ...
Microsoft

A one-prompt attack that breaks LLM safety alignment

As LLMs and diffusion models power more applications, their safety alignment becomes critical. Our research shows that even minimal downstream fine‑tuning can weaken safeguards, raising a key question ...