SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...
CSO Online

Rogue MCP servers can take over Cursor’s built-in browser

A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser ...
PC World

Hackers can hide AI prompt injection attacks in resized images

“AI” tools are all the rage at the moment, even among users who aren’t all that savvy when it comes to conventional software or security—and that’s opening up all sorts of new opportunities for ...

New AI browsers boast hands-free browsing — but are vulnerable to dangerous ‘prompt injections.’ Here’s how to stay safe

In what’s known as a prompt injection, hackers disguise malicious code as regular content. Once the AI reads it, it can be manipulated into ignoring safety rules and carrying out harmful actions. (1) ...