SiliconANGLE

OpenAI Codex vulnerability enabled GitHub token theft via command injection, report finds

A critical vulnerability in OpenAI Group PBC’s Codex coding agent could have exposed sensitive GitHub authentication tokens through a command injection flaw, according to a new report out today from ...
The Next Web

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

In short:Security researcher Aonan Guan hijacked AI agents from Anthropic, Google, and Microsoft via prompt injection attacks on their GitHub Actions integrations, stealing API keys and tokens in each ...
TechCrunch

Indian Programmer Exposes Code Injection, Gets A Cease And Desist From The Injectors

The crime, it seems, was the uploading of public code to a public repository, Github. The code, which was publicly available here but now seems to be locked, is considered Flash Network’s proprietary ...