Latest in AI

Showing:securityFoundersClear ×

🔥 Trending today

nvidia6 agentic-ai4 enterprise-ai4 microsoft-build3 rtx-spark3 security3 ai-agent3 fundraising3 ai-agents2 ai-assistant2

Topic

Release New Tool Tutorial Business Paper Benchmark Opinion Regulation

For

General Developers Designers Product Founders Marketing Researchers Students

Hackers Asked Meta AI for Access to High-Profile Instagram Accounts. It Worked★ 78
Simon Willison's Weblog22h agoIncident
Simon Willison highlights a 404 Media report about hackers taking over Instagram accounts through Meta's AI support bot. A video reportedly shows an attacker asking the bot to link a target account to a new email address and providing a code. Willison argues this barely qualifies as prompt injection: the core failure was granting a support bot enough authority to fast-forward the account recovery process.
Hackers duped Meta AI support chatbot to steal celebrity Instagram accounts
Ars Technica AI22h agoIncident
Hackers duped a Meta AI support chatbot into granting access to notable or valuable Instagram accounts. Some handles were stolen and resold before Meta patched the exploit. The supplied excerpt does not disclose the attack method, the number of affected accounts, the timeline, or Meta's remediation steps beyond patching the issue.
Protecting against token theft
Vercel Changelog4d agoTutorial
Vercel published a post titled “Protecting against token theft,” focused on token security risks and protection. The article body was not provided, so its scope, affected products, attack scenarios, and recommended mitigations cannot be confirmed. Readers should consult the original Vercel page before taking action or attributing specific guidance to the company.
Fed up with vibe coders, dev sneaks data-nuking prompt injection into code
Ars Technica AI4d agoIncident
Ars Technica reports that a developer frustrated with vibe coders slipped an undisclosed prompt injection into jqwik-related code. The injected text allegedly instructed AI coding agents to delete application output. The incident highlights a new supply-chain risk: source code and project text can become adversarial instructions for agentic coding tools.
Millions of AI agents imperiled by critical vulnerability in open source package★ 78
Ars Technica AI6d agoIncident
Ars Technica reports that Starlette, a Python package with about 325 million weekly downloads, has a critical vulnerability called BadHost. The flaw can let crafted Host headers confuse request.url.path, potentially bypassing middleware-based path authorization. AI infrastructure using FastAPI or Starlette, including vLLM, LiteLLM, MCP servers, LLM proxies, and agent frameworks, should upgrade Starlette and audit custom middleware.