Hacker News
user: kerng
created: 2018-02-22
karma: 6202
submissions:
Copirate 365: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)
2 points | 0 comments
The AI-Assisted Breach of Mexico's Government Infrastructure [pdf]
6 points | 0 comments
0 points | 0 comments
GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)
128 points | 18 comments
Machine Learning Attack Series: Image Scaling Attacks (2020)
3 points | 0 comments
Month of AI Bugs (August 2025)
3 points | 0 comments
Cross-Agent Privilege Escalation: When Agents Free Each Other
3 points | 0 comments
AgentHopper: An AI Virus
6 points | 0 comments
Amazon Q Developer: Remote Code Execution with Prompt Injection
2 points | 0 comments
AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection
5 points | 0 comments
Amazon Q Developer for VS Code: Remote Code Execution with Prompt Injection
5 points | 1 comment
GitHub Copilot: Remote code execution via prompt injection (CVE-2025-53773)
15 points | 2 comments
I Spent $500 to Test Devin for Prompt Injection So That You Don't Have To
4 points | 0 comments
Cursor IDE: Arbitrary Data Exfiltration via Mermaid (CVE-2025-54132)
4 points | 0 comments
0 points | 0 comments
Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration
5 points | 0 comments
Hosting COM Servers with an MCP Server (AI-Powered Office Automation)
3 points | 0 comments
AI ClickFix: Hijacking Computer-Use Agents
4 points | 0 comments
ChatGPT: Dump all your memories and chat history for inspection
3 points | 0 comments
Latest Gemini models now follow invisible Unicode Tag instructions
5 points | 0 comments
Sneaky Bits: Advanced Data Smuggling using just two invisible Unicode characters
2 points | 0 comments
ChatGPT Operator: Prompt Injection Exploits and Defenses
5 points | 0 comments
Security ProbLLMs in XAI's Grok: A Deep Dive
1 point | 0 comments
How to Find XSS in 2024
3 points | 0 comments
Spyware Injection into ChatGPT's Long-Term Memory (SpAIware)
5 points | 0 comments
Microsoft Copilot: Prompt Injection, ASCII Smuggling and Exfiltration of Emails
3 points | 0 comments
Google Colab AI: Data Leakage Fixed. Some Risks Remain
5 points | 0 comments
Breaking Instruction Hierarchy in OpenAI's GPT-4o-mini
3 points | 0 comments
Prompt Injections in the Wild – Exploiting LLM Agents – Hitcon 2023 [video]
3 points | 0 comments
GitHub Copilot: From Prompt Injection to Data Exfiltration
7 points | 0 comments