Hi, I'm Vivian, a cybersecurity and AI Product Manager trying to keep up with an industry that moves faster than I can whisk up my morning matcha. Every week brings a new wave of vulnerabilities, AI security mishaps, and breaches that keep us on our toes, so I take some time to share the most interesting news instead of letting it all blur together. Let's dive into whats been happening recently in cybersecurity and AI security.
AI Research & Vulnerabilities
Prompt Injection Causes AI Robot to Open Fire on YouTube Creator
A recent experiment demonstrated a critical safety failure when a ChatGPT-powered humanoid robot was tricked into firing a weapon. While the robot initially refused the command to shoot by citing programmed safety protocols, the creator bypassed these guardrails using a "role-play" prompt injection, instructing the AI to act as a character in a fictional scenario. The robot then complied, firing a high-velocity BB gun at the user's chest. This incident highlights the physical danger of connecting LLMs to kinetic hardware, where standard jailbreak techniques can translate into real-world violence.
Study Finds AI Security Cameras Collect Excessive Personal Data
A new investigation reveals that major AI-powered security camera brands, including Amazon Ring, Google Nest, and Arlo, are collecting vast amounts of data unrelated to home security. These include biometric profiles of owners and non-consenting neighbors, purchase history, contact lists, and precise location data. Researchers warn that this surveillance creep turns home safety tools into marketing dragnets, with some vendors like Arlo explicitly sharing device IDs with third-party advertisers.
Google Ads Push macOS Malware via Grok and ChatGPT
Researchers observed a new campaign where attackers abuse Google Ads to direct users toward malicious "shared" conversations on legitimate platforms like ChatGPT and Grok. When users search for macOS troubleshooting or cleanup tips, these ads lead to pre-filled AI chats that provide "helpful" command-line instructions. If the user copies and pastes these commands into their terminal, they unwittingly download and execute the AMOS infostealer, which subsequently exfiltrates sensitive data including passwords, browser cookies, and cryptocurrency wallets.
White House Executive Order Blocks State AI Regulations
The White House issued a new Executive Order establishing a "National Policy Framework for Artificial Intelligence" designed to override state-level regulations in favor of a minimally burdensome federal standard. The directive mandates the DOJ to form an "AI Litigation Task Force" to legally challenge conflicting state laws and instructs the Commerce Department to withhold federal broadband funding from jurisdictions enforcing "onerous" compliance rules. By centralizing oversight and stripping states of the ability to regulate model outputs or algorithmic bias, the order aims to eliminate regulatory fragmentation.
OWASP Top 10 for Agentic Applications 2026 Released
The OWASP GenAI Security Project released the "Top 10 for Agentic Applications 2026," a new standard distinct from its LLM predecessor to address the unique risks of autonomous agents. The framework highlights critical threats like "Agent Goal Hijacking" and "Tool Misuse," where attackers manipulate an agent's planning logic or authorized capabilities to execute real-world harm. By focusing on how agents interact with external APIs, memory, and other agents, the guide underscores that securing agentic AI requires moving beyond prompt filters.
Gartner: Cybersecurity Teams Must Block AI Browsers for Now
Gartner issued new guidance recommending that enterprises immediately block access to AI browsers and agentic web assistants until mature security controls are available. The firm warns that these tools, which autonomously navigate and interact with web content, effectively bypass standard browser protections and data loss prevention filters. Because these agents can execute complex workflows and ingest sensitive corporate data without traditional oversight, Gartner advises treating them as unmanageable shadow IT risks.
Google Reveals "User Alignment Critic" for Gemini in Chrome
Google announced a new framework designed to secure Gemini in Chrome against indirect prompt injection and goal hijacking. The architecture introduces a User Alignment Critic, a secondary, isolated model that vets proposed actions based solely on metadata, ensuring it matches the user's intent without being exposed to potentially malicious web content. Additionally, Agent Origin Sets extend site isolation principles by segregating read-only and read-write permissions per task.
Anthropic Donates MCP to Linux Foundation
Anthropic announced it is donating the Model Context Protocol to the newly established Agentic AI Foundation, a directed fund under the Linux Foundation co-founded with Block and OpenAI. This move, supported by major cloud providers like AWS, Google, and Microsoft, transitions MCP from a vendor-specific tool into an open, community-governed standard for connecting AI agents to external data and systems.
BBVA x ChatGPT Collaboration Signals Shift to "AI-Native" Banking
By equipping its entire workforce with ChatGPT Enterprise, BBVA is attempting to validate the "AI-native" bank model. The partnership aims to integrate banking services directly into ChatGPT, allowing customers to manage cards and accounts via natural language. This massive deployment challenges the financial sector's traditional risk aversion, establishing a test case for whether highly regulated institutions can safely automate decision-making and customer-facing workflows at a global scale.
Google Labs Unveils "Disco" to Turn Browser Tabs into Custom Apps
Google Labs introduced "Disco," an experimental AI-first browser that reimagines web navigation by converting tabs into unified, interactive applications. Powered by Gemini 3, its flagship "GenTabs" feature analyzes a user's open pages and chat history to instantly generate a bespoke mini-app, such as a dynamic travel itinerary or a visual meal planner, without requiring code. Currently available via waitlist for macOS users.
Cybersecurity News
Attackers Abuse PayPal "Subscriptions" to Send Fake Purchase Emails
Scammers are exploiting PayPal's Subscriptions billing feature to send legitimate emails that bypass spam filters and trick users into fearing unauthorized charges. By pausing a subscription for a fake user account that forwards to targets, attackers trigger an official notification from PayPal. However, they manipulate the Customer service URL field to display a fake message claiming a large payment was processed and urging the victim to call a fraudulent support number.
Apple Patches Active Zero-Day Vulnerabilities in iOS 26.2 and iPadOS 26.2
Apple released iOS 26.2 and iPadOS 26.2 to address critical security flaws, most notably two WebKit vulnerabilities that Apple confirms were exploited in "extremely sophisticated attacks" targeting specific individuals. The update also fixes a high-severity Kernel integer overflow allowing root privilege escalation, a privacy bypass exposing "Hidden" album photos without authentication, and a FaceTime flaw permitting caller ID spoofing.
MITRE Releases 2025 CWE Top 25 Most Dangerous Software Weaknesses
MITRE released its 2025 ranking of the most critical software flaws, with Cross-site Scripting retaining the top spot, followed by SQL Injection and CSRF. The list reveals a sharp rise in access control failures, with "Missing Authorization" jumping five spots to fourth place. While memory safety issues like Out-of-bounds Write fell slightly, the re-entry of multiple buffer overflow categories confirms that fundamental memory management vulnerabilities remain a persistent threat.
Malicious VSCode Extensions Hide Trojan in Fake PNG Files
Researchers discovered 19 malicious Visual Studio Code extensions that targeted developers by hiding malware within bundled dependency folders. The attackers bypassed npm registry checks by pre-packaging a modified version of the popular path-is-absolute library, which executed a script to decode a payload hidden inside a fake image file containing a Rust-based trojan. Microsoft has removed the extensions.
Thousands of Exposed Secrets on Docker Hub
Security researchers analyzed public images on Docker Hub over a single month and discovered over 10,000 images containing valid exposed secrets. These leaks ranged from cloud credentials and database keys to AI model tokens, with 42% of compromised images containing five or more secrets each. A significant portion of these leaks originated from "shadow IT" accounts allowing attackers to authenticate directly into production environments, CI/CD pipelines, and sensitive data stores.
New "Spiderman" Phishing Kit Targets European Banks and Crypto Wallets
A new phishing-as-a-service kit dubbed "Spiderman" is actively targeting customers of major European financial institutions, including Deutsche Bank, ING, and Commerzbank, as well as crypto wallet services like Ledger and Metamask. The kit features a modular design that allows operators to deploy pixel-perfect fake login portals and intercept credentials, credit card details, and PhotoTAN/OTP codes in real time, enabling attackers to bypass multi-factor authentication and execute full account takeovers.
That's all for now… Stay informed and protected.