There’s no rogue McDonald’s AI bot, but ‘prompt injection’ is still a risk for companies

People hacking branded AI bots can result in significant reputational, financial, and legal consequences. There appears to be ...
TechJuice

This Popular AI Tool Was Hacked in Just 36 Hours (Here’s What Attackers Stole)

A critical pre-authentication SQL injection vulnerability in BerriAI’s LiteLLM Python package came under active exploitation ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
Threat Post

Java, Python FTP Injection Attacks Bypass Firewalls

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Newly disclosed FTP injection ...