❌

Normal view

Just like phishing for gullible humans, prompt injecting AIs is here to stay

Aren't we all just prompting tokens of linguistic meaning and hoping the other person isn't bullshitting us?

kettleΒ  It's a week of the year, which means there's been the discovery of yet another prompt injection attack that will force supposedly well-guarded AI bots to spill secrets by asking the right way. …

Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker

Or, how public information and a €5 tracker exposed an avoidable opsec lapse

Militaries around the world spend countless hours training, developing policies, and implementing best operational security practices, so imagine the size of the egg on the face of the Dutch navy when journalists managed to track one of its warships for less than the cost of some hagelslag and a coffee.…

Lightning-fast exploits make it essential to patch fast, ask questions later

Here's where you ought to spend your security billable hours budget this year

Strengthen your MFA policies, double-down on anti-phishing training, and for Jobs' sake, patch all your vulns right away. The past year of intelligence collected by Cisco's Talos threat hunters suggests that attackers are moving faster to exploit vulns, and fooling more staff than ever into giving up their credentials. …

RSAC 2026: Uncle Sam backs out, and AI agents are everywhere

Infosec pros descend on San Francisco

kettleΒ  When El Reg cybersecurity editor Jessica Lyons joins infosec industry colleagues in San Francisco for RSAC 2026 this week, she's expecting agentic AI to be on everyone's lips - at least those who aren't busy gossiping about the lack of presence from any representatives of the US federal government.…

AI agents spill secrets just by previewing malicious links

10 February 2026 at 18:55

Zero-click prompt injection can leak data when AI agents meet messaging apps, researchers warn

AI agents can shop for you, program for you, and, if you're feeling bold, chat for you in a messaging app. But beware: attackers can use malicious prompts in chat to trick an AI agent into generating a data-leaking URL, which link previews may fetch automatically.…

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords

Your favorite menu item might be easy to remember but it will not secure your account

Change Your Password Day took place over the weekend, and in case you doubt the need to improve this most basic element of cybersecurity hygiene, even McDonald's – yes, the fast food chain – is urging people to get more creative when it comes to passwords. …

Open-source AI is a global security nightmare waiting to happen, say researchers

Also, South Korea gets a pentesting F, US Treasury says bye bye to BAH, North Korean hackers evolve, and more

Infosec in BriefΒ  As if AI weren't enough of a security concern, now researchers have discovered that open-source AI deployments may be an even bigger problem than those from commercial providers. …

Paranoid WhatsApp users rejoice: Encrypted app gets one-click privacy toggle

Meta also replaces a legacy C++ media-handling security library with Rust

Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …

Pwn2Own Automotive 2026 uncovers 76 zero-days, pays out more than $1M

Also, cybercriminals get breached, Gemini spills the calendar beans, and more

infosec in briefΒ  T'was a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers.…

CrowdStrike shareholders lose battle to recoup losses from 2024 outage

Investors didn't present a valid claim, says judge, but they're welcome to try again

A group of CrowdStrike shareholders who sued the company over losses sustained following its 2024 global outage will have to head back to the drawing board if they hope to recoup losses, as a Texas judge has deemed they failed to adequately state a claim.…

Mandiant releases quick credential cracker, to hasten the death of a bad protocol

PLUS: Navy spy sent to brig for 200 months; Black Axe busted again; Bill aims to crimp ICE apps; and more

Infosec In BriefΒ  PLUS: Google’s security outfit Mandiant last week released tools that can crack credentials in 12 hours, in the hope that doing so will accelerate the death of an ancient Microsoft security protocol.…

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

Office workers without AI experience warned to watch for prompt injection attacks - good luck with that

Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last October and acknowledged but not fixed by Anthropic.…

❌