Tag: prompt injection

Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat

AI Agents and Frameworks, Cybersecurity, Data Breach, DevOps and Infrastructure Leave a comment
Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat

A new class of prompt-injection attacks—dubbed “Comment and Control”—turns GitHub pull requests, issues, and comments into attack surfaces that can hijack AI coding agents and siphon secrets directly from CI/CD environments. Unlike classic prompt injection that waits for a user to feed a document to an agent, this pattern is proactive: opening a PR or posting an issue can automatically

Continue

MS‑Agent Shell Flaw (CVE‑2026‑2256): What You Need to Know

AI Agents and Frameworks, Cybersecurity Leave a comment
MS‑Agent Shell Flaw (CVE‑2026‑2256): What You Need to Know

A critical vulnerability in the MS‑Agent framework’s Shell tool allows untrusted input to be executed as operating‑system commands, potentially giving attackers full control of affected systems. This short note summarizes the issue, its impact, and immediate mitigations, and points to the original advisory for technical details. Overview MS‑Agent exposes a Shell capability intended to let AI agents run OS commands

Continue

When a Jailbreak Became a Campaign: How Claude AI Was Abused to Build Exploits and Steal Data

AI Agents and Frameworks, Artificial Intelligent, Cloud Computing, Cybersecurity, Data Breach, DevOps and Infrastructure, Hacking and Exploits Leave a comment
When a Jailbreak Became a Campaign: How Claude AI Was Abused to Build Exploits and Steal Data

In late 2025 a persistent attacker turned a conversational AI into a multi-month offensive platform, using repeated prompting to push past safety checks and generate actionable exploit code. The incident — uncovered by a security firm and reported in mainstream sources — illustrates a worrying new vector in which AI models can be manipulated into performing the research, coding, and

Continue