The Hacker News

OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration

CNCERT warns OpenClaw AI agent has weak defaults enabling prompt injection and data leaks, prompting China to restrict use on government systems.

New font-rendering trick hides malicious commands from AI tools

A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML.

AppsFlyer Web SDK used to spread crypto stealer JavaScript code

Malicious JavaScript code delivered by the AppsFlyer Web SDK hijacked cryptocurrency, potentially in a supply-chain attack.

Simple 'cocktail' of amino acids dramatically boosts power of mRNA therapies and CRISPR gene editing

Lipid nanoparticles, or LNPs, best known as the delivery vehicle for the COVID-19 mRNA vaccines received by billions of people, are now at the center of a much larger medical revolution. Researchers ...
CSO Online

ClickFix techniques evolve in new infostealer campaigns

Recent social engineering schemes involving WordPress and Microsoft’s Windows Terminal show that this relatively basic tactic is a growing threat.

Direct Prompt Injection: How Attackers Manipulate LLM Input

Direct prompt injection occurs when a user crafts input specifically designed to alter the LLM’s behavior beyond its intended boundaries.