CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Microsoft patched a Copilot Studio prompt injection. The data exfiltrated anyway.

Microsoft assigned CVE-2026-21520 to a Copilot Studio prompt injection vulnerability and patched it in January — but in ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Researchers hijacked Claude, Gemini, and Copilot AI agents via prompt injection to steal API keys and tokens. All three ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

GrafanaGhost: The AI That Leaked Everything Without Being Hacked

A newly disclosed vulnerability reveals how AI assistants can become invisible channels for data exfiltration — and why ...

Injectable peptides are the new anti‑aging trend. But what evidence do we have they're safe for humans?

Injectable peptides are the new anti-aging trend sweeping the beauty industry. These compounds are promoted on social media ...