CSO Online

February 2026 Patch Tuesday: Six new and actively exploited Microsoft vulnerabilities addressed

Also today, SAP released 27 new and updated security notes, including two that address critical-severity vulnerabilities.

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...

Anthropic published the prompt injection failure rates that enterprise security teams have been asking every vendor for

Anthropic's Opus 4.6 system card breaks out prompt injection attack success rates by surface, attempt count, and safeguard ...

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond ...
The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.
The Hacker News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.
Cloud Security Alliance

Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems

Explores LPCI, a new security vulnerability in agentic AI, its lifecycle, attack methods, and proposed defenses.
WinBuzzer

Google Translate’s Gemini Mode is Vulnerable to Prompt Injection

Google Translate's Gemini integration has been exposed to prompt injection attacks that bypass translation to generate ...