News

Prompt injection and an expired domain could have been used to target Salesforce’s Agentforce platform for data theft. The attack method, dubbed ForcedLeak, was discovered by researchers at Noma Security, a company that recently raised $100 million for its AI agent security platform. Salesforce Agentforce enables businesses to build and deploy autonomous AI agents across functions such as sales, marketing, and commerce. These agents act independently to complete multi-step tasks without constant human intervention. The…

Read More

Jaguar Land Rover said Tuesday that its production lines, shut down after a cyberattack in August, will remain at a halt until at least Oct. 1. Britain’s biggest automaker sent workers home from its factories in central and northwest England on Aug. 31. The shutdown has rippled through the U.K. auto industry. JLR, which is owned by India’s Tata Motors, employs more than 30,000 people, with its supply chain supporting tens of thousands more jobs.…

Read More

Toronto, Canada-based company Mycroft emerged from stealth on Monday with a solution designed to help organizations manage and operate their security and IT stack with the aid of autonomous AI agents. Mycroft has raised $3.5 million in seed funding in a round led by Luge Capital, with participation from Brightspark Ventures, Graphite Ventures, Ripple Ventures, Developer Capital, Antler, BoxOne Ventures, and angel investors. The company has developed a platform that acts as an AI Security…

Read More

Fallout from a cyberattack that disrupted check-in systems at several European airports extended into a second full day on Sunday, as passengers faced dozens of canceled and delayed flights — and the impact poised to worsen for at least one major airport. Brussels Airport, seemingly the hardest hit, said it asked airlines to cancel nearly 140 departing flights scheduled for Monday because a U.S.-based software system provider “is not yet able to deliver a new…

Read More

Researchers at web security company Radware recently discovered what they described as a service-side data theft attack method involving ChatGPT.  The attack, dubbed ShadowLeak, targeted ChatGPT’s Deep Research capability, which is designed to conduct multi-step research for complex tasks. OpenAI neutralized ShadowLeak after it was notified by Radware. The ShadowLeak attack did not require any user interaction. The attacker simply needed to send a specially crafted email that when processed by the Deep Research agent…

Read More

SecurityWeek’s Attack Surface Management Virtual Summit is now LIVE and runs today from 11AM – 4PM ET. Join the online event where cybersecurity leaders and practitioners will dive into the strategies, tools, and innovations shaping the future of ASM. As digital assets and cloud services continue to expand, defenders are shifting tactics to continuously discover, inventory, classify, prioritize, and monitor their attack surfaces. This summit brings together experts to share real-world lessons, emerging trends, and practical…

Read More

CrowdStrike on Tuesday said that it would acquire Pangea, a company specializing in AI security, to expand its Falcon platform with new protections designed for enterprise AI systems. The acquisition, announced at CrowdStrike’s Fal.Con 2025 event, is intended to address security challenges specific to the use of AI models, agents, and applications in the workplace. CrowdStrike plans to integrate Pangea’s capabilities to help organizations monitor, control, and secure AI interactions across their infrastructure. The announcement…

Read More