Berkman Klein Center

The Promptware Kill Chain

Affiliate Bruce Schneier and coauthors argue that prompt injection attacks are the first step of a seven-step promptware kill chain.
IEEE

uitSQLid: SQL Injection Detection Using Multi Deep Learning Models Approach

Abstract: Injection attack is the most common risk in web applications. There are various types of injection attacks like LDAP injection, command injection, SQL injection, and file injection. Among ...
eWeek

OpenAI Introduces New Safeguards in ChatGPT to Prevent AI Prompt Injection

OpenAI launches Lockdown Mode and Elevated Risk warnings to protect ChatGPT against prompt-injection attacks and reduce data-exfiltration risks.
Windows Central

Microsoft just made a command line version of the Microsoft Store for Windows 11 — install and update your apps without a GUI

Microsoft has announced the Store CLI, a command-line interface for managing and installing Windows apps from the Microsoft Store. It's similar to WinGet, except the Store CLI only works for apps that ...
IEEE

Automated Search of Instructions Vulnerable to Fault Injection Attacks in Command Authorization Checks of a TPM 2.0 Implementation

Abstract: Several fault attacks have been demonstrated against Trusted Platform Module (TPM) 2.0 implementations. However, the extent to which TPM operation, in particular the commands given to a TPM, ...
winbuzzer.com

Microsoft Patches High-Severity Notepad Remote Code Execution Flaw

Microsoft patched a high-severity command injection vulnerability in Windows Notepad through its February 2026 Patch Tuesday updates that allows attackers to execute malicious code remotely via ...
Reuters

US to turn over two NATO command posts to Europeans, military source says

BRUSSELS, Feb 9 (Reuters) - The United States will turn over two of NATO's major command posts - in Naples, Italy and Norfolk, Virginia - to European officers, a military source told Reuters on Monday ...
Bleeping Computer

BeyondTrust warns of critical RCE flaw in remote support software

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary ...
GitHub

Command Injection via Bash.run() LLM Tool Registration

The Bash class in MetaGPT is registered as an LLM-callable tool via @register_tool(include_functions=["run"]). This allows LLM agents to execute arbitrary bash commands without any meaningful security ...
CNBC

Pfizer says obesity injection shows promise as monthly treatment in mid-stage trial

Pfizer said its experimental obesity drug, which it acquired through Metsera, drove solid weight loss when taken once a month in a mid-stage trial. The data offer early evidence that the injection can ...
Military Times

Senate approves Donovan as US Southern Command head

Lt. Gen. Francis Donovan speaks during a visit to Naval Special Warfare Group 1 in San Diego, California, Feb. 11, 2025. (MC2 David Rowe/U.S. Navy) Editor’s note: This report has been updated to ...