OpenAI patches flaw allowing silent data leakage from ChatGPT conversations

What happens when researchers think outside the box? Data gets exfiltrated through DNS.
Morning Overview on MSN

Researchers warn of Vertex AI agent flaw that could expose cloud data and code

Security researchers have identified a vulnerability in Google’s Vertex AI agent framework that could allow attackers to ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

The key is that researchers can see how Claude Code is meant to work but cannot recreate it because the leak does not include ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
GovInfoSecurity

How Prompt Injection Attacks Undermine AI Guardrails

Large language models are inherently vulnerable to prompt injection attacks, and no finite set of guardrails can fully ...
The Hacker News

OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability

ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.
CPO Magazine

Claude “Claudy Day” Attack Chain Leverages Vulnerability in Search Results

A new vulnerability chain discovered by Oasis Security can compromise the Claude AI chatbot and does not require the target ...

‘GrafanaGhost’ vulnerability allowed for silent data exfiltration through AI workflows

Dubbed “GrafanaGhost,” the vulnerability could have let an attacker bypass both client-side protections and AI guardrails to send private data from a Grafana environment to an external server without ...