Stories by kerng

GitHub Copilot: Remote Code Execution via Prompt Injection (CVE-2025-53773)

Machine Learning Attack Series: Image Scaling Attacks (2020)

Month of AI Bugs (August 2025)

Cross-Agent Privilege Escalation: When Agents Free Each Other

AgentHopper: An AI Virus

Amazon Q Developer: Remote Code Execution with Prompt Injection

AWS Kiro: Arbitrary Code Execution via Indirect Prompt Injection

Amazon Q Developer for VS Code: Remote Code Execution with Prompt Injection

GitHub Copilot: Remote code execution via prompt injection (CVE-2025-53773)

I Spent $500 to Test Devin for Prompt Injection So That You Don't Have To

Cursor IDE: Arbitrary Data Exfiltration via Mermaid (CVE-2025-54132)

Security Advisory: Anthropic's Slack MCP Server Vulnerable to Data Exfiltration

Hosting COM Servers with an MCP Server (AI-Powered Office Automation)

AI ClickFix: Hijacking Computer-Use Agents

ChatGPT: Dump all your memories and chat history for inspection

Latest Gemini models now follow invisible Unicode Tag instructions

Sneaky Bits: Advanced Data Smuggling using just two invisible Unicode characters

ChatGPT Operator: Prompt Injection Exploits and Defenses

Security ProbLLMs in XAI's Grok: A Deep Dive

How to Find XSS in 2024

1
2
3
4
5
6
7
8
9
10