Aggregator

Notion just released version 3.0, complete with AI agents. Because the system contains Simon Willson’s lethal trifecta, it’s vulnerable to data theft though prompt injection.

First, the trifecta:

The lethal trifecta of capabilities is:

• Access to your private data—one of the most common purposes of tools in the first place!
• Exposure to untrusted content—any mechanism by which text (or images) controlled by a malicious attacker could become available to your LLM
• The ability to externally communicate in a way that could be used to steal your data (I often call this “exfiltration” but I’m not confident that term is widely understood.)...

The post Abusing Notion’s AI Agent for Data Theft appeared first on Security Boulevard.

You must login to view this content

WhatsApp 0-click remote code execution (RCE) vulnerability affecting Apple’s iOS, macOS, and iPadOS platforms, detailed with a proof of concept demonstration. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring user interaction. The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is […]

The post WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File appeared first on Cyber Security News.

You must login to view this content