A critical flaw dubbed "AI tool poisoning" has been uncovered in enterprise AI agent security. The vulnerability exploits AI agents' reliance on unverified tool descriptions, rendering traditional software supply chain controls insufficient for ensuring behavioral integrity. A new runtime verification layer, using behavioral specifications and a proxy, is proposed to validate tool actions and prevent sophisticated attacks like prompt injection and behavioral drift.

React2Shell (CVE-2025-55182) was a critical RCE vulnerability in React's Flight protocol, discovered by unpicking its undocumented internal workings. It leveraged how Flight deserializes complex objects and how `await` leniently handles "thenables," ultimately allowing attackers to execute arbitrary code by manipulating React's internal promise resolution logic.

Quick Verdict: Apple's latest minor update, iOS/iPadOS 26.4.2, isn't just another incremental patch; it's a critical security fix addressing a significant privacy vulnerability. This update mends a flaw that allowed for

DJI will pay security researcher Sammy Azdoufal $30,000 for discovering critical vulnerabilities in its Romo robot vacuums. Azdoufal accidentally accessed a network of 7,000 Romo devices, exposing privacy risks including PIN-less video access. While some issues are patched, a more severe vulnerability is still being addressed, with full system upgrades expected within a month.

Phison CEO Pua Khein-Seng warns of a severe RAM crunch by late 2026, threatening product line cuts and even company failures due to component shortages. This dire prediction, confirmed by sources to The Verge, highlights a critical vulnerability in the global tech supply chain.