The Hacker News

New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel

Chrome CVE-2026-0628 let malicious extensions hijack Gemini panel for privilege escalation, local file access, and ...

Until last month, attackers could've stolen info from Perplexity Comet users just by sending a calendar invite

AI browsing agent left local files open for the taking If you wanted to steal local files from someone using Perplexity's ...
Security Boulevard

N8N: Shared Credentials and Account Takeover

Executive Summary We identified a security weakness in n8n’s credential management layer that could have completely ...

Bing Adds GEO To Official Guidelines, Expands AI Abuse Definitions

Bing rewrote its webmaster guidelines to cover Copilot grounding, meta directive controls for AI answers, and a softened ...

Modern PDF platforms are becoming high-risk attack surfaces

Modern PDF platforms can now function as full attack gateways rather than passive document viewers.
WinBuzzer

Chrome Gemini Flaw Let Rogue Extensions Hijack AI Panel

A high-severity Chrome vulnerability has allowed malicious extensions to exploit the Gemini panel and gain elevated access to camera, microphone, and files.
InfoWorld

Angular releases patches for SSR security issues

Server-side rendering vulnerabilities could allow attackers to steal authorization headers or perpetrate phishing and SEO ...
CNBC

Pfizer says obesity injection shows promise as monthly treatment in mid-stage trial

Pfizer said its experimental obesity drug, which it acquired through Metsera, drove solid weight loss when taken once a month in a mid-stage trial. The data offer early evidence that the injection can ...
SecurityWeek

Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant

A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and ...
The Guardian

‘Penis injection’ claims in Winter Olympics ski jumping investigated by Wada

‘If anything was to come to the surface we’d look at it’ During its 26-year history the World Anti-Doping Agency has faced thousands of questions about athletes using illicit substances. Thursday, ...

This high-severity Chrome Gemini vulnerability lets malicious extensions spy on your PC

A bug in Google Chrome's Gemini AI feature could expose your data or allow attackers to monitor you. Here's how to stay ...
SecurityWeek

GitHub Issues Abused in Copilot Attack Leading to Repository Takeover

Orca has discovered a supply chain attack that abuses GitHub Issue to take over Copilot when launching a Codespace from that ...