The Hacker News

Google Gemini Prompt Injection Flaw Exposed Private Calendar Data via Malicious Invites

Cybersecurity researchers have disclosed details of a security flaw that leverages indirect prompt injection targeting Google Gemini as a way to bypass authorization guardrails and use Google Calendar ...
Fox News

Web skimming attacks target major payment networks

Online shopping feels familiar and fast, but a hidden threat continues to operate behind the scenes. Researchers are tracking a long-running web skimming campaign that targets businesses connected to ...
CSOonline

Application Security

Rogue MCP servers can take over Cursor’s built-in browser A new proof-of-concept attack shows that malicious Model Context Protocol servers can inject JavaScript into Cursor’s browser — and ...
The Hacker News

GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection

The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 ...