Posts

High-signal AI/security/automation notes.

Filter: All AI CVEs (44)Tool Comparisons (2)Research (38)Security (107)

Google Developers Blog — Gemini CLI hooks for policy & automation

2026-01-30 Security

Google: Gemini 3 in Chrome adds an agentic ‘auto browse’ workflow

2026-01-30 Security

GreyNoise — Threat actors actively targeting exposed LLM endpoints

2026-01-30 Security

Bitdefender — Android dropper used Hugging Face datasets to deliver RAT payloads

2026-01-30 Security

IEEE Spectrum — Why LLMs keep falling for prompt injection (and why agents raise the stakes)

2026-01-30 Research

Kaspersky — OWASP Agentic Top 10 (2026): practical risks + controls for AI agents

2026-01-30 Security

Kyverno (CVE-2026-22039) — Namespaced Policy apiCall can cross namespace boundaries

2026-01-30 AI CVEs

Model Context Protocol — MCP Apps: UI components inside agent chats

2026-01-30 Security

arXiv — Breaking the Protocol: MCP security analysis (capability attestation + origin auth gaps)

2026-01-30 Research

NVD — MCP TypeScript SDK UriTemplate ReDoS (CVE-2026-0621)

2026-01-30 AI CVEs

Microsoft: runtime inspection to block risky AI agent tool calls

2026-01-30 Security

Microsoft — CVE-2026-21509 (Office) emergency out-of-band fix

2026-01-30 AI CVEs

Microsoft — turning threat reports into detection insights with AI

2026-01-30 Security

n8n: sandbox escape bugs lead to full RCE in self-hosted instances

2026-01-30 Security

NIST/CAISI — RFI on security practices for AI agents

2026-01-30 Security

OpenAI — Hardening ChatGPT Atlas against prompt injection

2026-01-30 Security

GitHub Advisory — Orval MCP generation code injection risk (CVE-2026-22785)

2026-01-30 AI CVEs

arXiv: SoK on prompt injection attacks against agentic coding assistants

2026-01-30 Research

Varonis — Reprompt: single-click Copilot prompt injection chain for silent data exfiltration

2026-01-30 Security

Varonis — Reprompt one-click Copilot session hijack (patched)

2026-01-30 Security