Posts

High-signal AI/security/automation notes.

Filter: All Security / AI CVEs / Research (76)Tool Comparisons (2)Security / AI CVEs / Research (62)Security / AI CVEs / Research (221)

arXiv — EchoLeak: zero-click prompt injection in Microsoft 365 Copilot

2026-01-31 Security

Cisco — Personal AI agents like OpenClaw are a security nightmare

2026-01-31 Security

CrowdStrike — Agentic tool chain attacks (tool poisoning, shadowing, rugpull)

2026-01-31 Security

DataDome — MCP prompt injection & tool poisoning defenses

2026-01-31 Security

INCIBE-CERT — github-kanban-mcp-server command injection (CVE-2026-0756)

2026-01-31 AI CVEs

arXiv — System prompt extraction via code agents (JustAsk)

2026-01-31 Research

LangChain — January 2026 newsletter (agent robustness + observability/evals)

2026-01-31 Security

Microsoft Security Blog — LangChain Core serialization injection (CVE-2025-68664)

2026-01-31 AI CVEs

GitHub Advisory — node-tar hardlink path traversal (CVE-2026-24842)

2026-01-31 Security

Obsidian Security — Langflow account takeover + RCE chain (CVE-2025-34291)

2026-01-31 AI CVEs

Pen Test Partners — Eurostar chatbot guardrail bypass + ID tampering

2026-01-31 Security

Snyk — Clawdbot/Moltbot prompt injection: ‘one email away from disaster’

2026-01-31 Security

GitHub Advisory — vLLM DoS via 1×1 image (CVE-2026-22773)

2026-01-31 AI CVEs

GitHub Advisory — vLLM multimodal SSRF (CVE-2026-24779)

2026-01-31 AI CVEs

vLLM — Mixture-of-Models routing on AMD GPUs (vLLM-SR)

2026-01-31 Research

Wiz — ZeroDay.cloud: cloud + AI infra zero-days

2026-01-31 Security

arXiv/EACL — PHISH: persona jailbreaking via implicit steering in chat history

2026-01-30 Research

arXiv — From prompt injections to protocol exploits

2026-01-30 Research

arXiv — SoK: prompt injection attacks on agentic coding assistants

2026-01-30 Research

arXiv — Thought-Transfer: clean-label poisoning via chain-of-thought traces

2026-01-30 Research