{"uuid": "dbc538d1-023b-486a-9212-101005e32c75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50548", "type": "seen", "source": "https://t.me/bhhub/1200", "content": "Weekly 8 AI &amp; Cyber signals to act on (Jun 25 \u2013 Jul 4, 2026)\n\n#AISecurity@bhhub \n\n\u2728 DuneSlide (CVE-2026-50548 &amp; CVE-2026-50549): Zero-Click Prompt Injection Escapes Cursor IDE Sandbox With CVSS 9.8 RCE\nURL\nCato AI Labs disclosed two independent CVSS 9.8 vulnerabilities in Cursor IDE \u2014 used by 50%+ of Fortune 500 \u2014 that allow a prompt injection delivered via an MCP server or poisoned web search result to escape the editor's sandbox and achieve full OS-level remote code execution with no user interaction beyond making a normal prompt.\n\n\u2728 DGuardFall: Decades-Old Shell Injection Bypasses Command Guards in Popular Open-Source AI Coding Agents\nURL\nAdversa AI disclosed a universal shell injection vulnerability class (GuardFall) in open-source AI coding agents, showing that 30-year-old shell quoting bypass techniques defeat the pattern-based command guards used in popular agents and allow prompt injection to reach bash with the operator's full authority.\n\n\u2728 Agentjacking: Fake Sentry Error Reports Hijack AI Coding Agents With 85% Success Rate Across 2,388 Exposed Organizations\nURL\nTenet Threat Labs demonstrated that an attacker with a target's Sentry DSN key can inject crafted \"error reports\" that AI coding agents (Claude Code, Cursor, Codex) interpret as legitimate diagnostic guidance and execute \u2014 achieving 85% exploitation success in controlled testing and identifying 2,388 organizations with exposed DSNs.\n\n#AppSec@bhhub \n\n\u2728 Fake AI Agent Skill Cleared Every Security Scanner and Reportedly Reached 26,000 Agents via Mutable External Link\nURL\nSecurity firm AIR built a fake AI agent skill that passed Cisco and NVIDIA scanners by deferring payload delivery to a mutable external link \u2014 scanners approved the skill clean, and the link's target was swapped post-review \u2014 reportedly reaching 26,000 agents including corporate accounts before AIR pulled it.\n\n\u2728 Microsoft Documents MCP Tool-Poisoning Kill Chain Against Copilot Studio Finance Agent and Maps Defenses to Each Stage\nURL\nMicrosoft's Security Blog documented a complete MCP tool-poisoning attack chain against a Copilot Studio finance agent, tracing how a poisoned tool description causes the agent to silently exfiltrate company data, and mapping Microsoft's Prompt Shields, Purview DLP, and runtime monitoring controls to each stage of the kill chain.\n\n#RedTeam@bhhub \n\n\u2728 Collaborative-Adversarial Jailbreaking: IMA Attack Achieves 89% Success Against Multi-Agent Systems at Scale\nURL\nA peer-reviewed study in Neural Networks introduces the IMA (Injection via Multi-Agent) attack, which achieves 89% jailbreak success against multi-agent code generation systems including MetaGPT and CrewAI \u2014 significantly outperforming single-agent baselines \u2014 by exploiting the fact that multi-agent collaboration amplifies harm propagation rather than containing it.\n\n#BlueTeam@bhhub\n\n\u2728 Google DeepMind AI Control Roadmap v0.1: Structural Containment Framework for Potentially Misaligned Internal AI Agents\nURL\nGoogle DeepMind published its AI Control Roadmap v0.1, treating AI agent misbehavior as an engineering requirement rather than an alignment failure \u2014 and mapping defense-in-depth controls (Detection D1\u2013D4, Prevention/Response R1\u2013R3) specifically for internal agents that must be assumed potentially misaligned.", "creation_timestamp": "2026-07-14T12:00:05.022362Z"}