Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to …
Safety & Security
After some delay, Apple has patched the vulnerabilities associated with the DarkSword exploit chain for all affected customers, even those who aren’t updated to iOS 26 — a boon for …
Security lapse lets researchers view React2Shell hackers’ dashboard
The attacker crafts a malicious serialized payload designed to abuse the deserialization routine, a technique commonly used to trigger arbitrary object instantiation or method invocation on a server. The payload is sent via an HTTP …
Please Don’t Feed the Scattered Lapsus ShinyHunters – Krebs on Security
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting …
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Ravie Lakshmanan | Apr 02, 2026 | Vulnerability / Threat Intelligence. A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web …
A workplace health and safety program is a formal, structured system an organization uses to identify hazards, mitigate risk, train employees, and maintain regulatory compliance. Effective programs reduce workplace injuries …
I don’t know which professional discipline has had the most effect on the management of work health and safety in Australia, but I do know that accounting …
Two disparate industries, manufacturing and healthcare, share several weaknesses that lead to significant security gaps, especially in password hygiene. Addressing them in the short term will require shifting security culture …
LangChain path traversal bug adds to input validation woes in AI pipelines
Back to the basics: The exploit technique described in the report relies on insufficient input validation and unsafe handling of data across key integration points in AI pipelines. In each …
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing “zero-day” flaws this month (compared to …