PCMag

OpenAI Rolls Out Lockdown Mode to Fight Prompt Injection Attacks

The new feature promises increased protection against these types of attacks, but you'll have to sacrifice a lot of functionality, including live web browsing and image retrieval from the web.
The Next Web

A single GitHub issue could have hijacked Anthropic’s own Claude Code action and poisoned every project that uses it

A flaw in Claude Code's GitHub Action let attackers bypass permission checks via fake bots and steal OIDC tokens through prompt injection.
Graham Cluley

Smashing Security podcast #470: This AI security flaw might be impossible to fix

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.