A serious vulnerability in ServiceNow's AI tools allows unauthenticated users to create backdoor admin accounts. Dubbed "BodySnatcher," this flaw highlights the risks of rapidly integrating AI features without proper security measures. ServiceNow has patched the issue, but potential risks remain due to custom configurations.

A new zero-click vulnerability named 'EchoLeak' has been discovered in Microsoft 365 Copilot, allowing attackers to exfiltrate sensitive data without user interaction. Although Microsoft has fixed the issue and there is no evidence of real-world exploitation, the flaw highlights significant risks associated with AI-integrated systems and emphasizes the need for improved security measures against such vulnerabilities.

Researchers from Check Point discovered a critical remote code execution vulnerability dubbed "MCPoison" in the Cursor AI coding tool, allowing attackers to alter approved Model Context Protocol (MCP) configurations to inject malicious commands. Cursor has since released an update to address the flaw, requiring user approval for any modifications to MCP Server entries, but the incident raises concerns about trust in AI-assisted development environments. Further vulnerabilities in AI platforms are expected to be reported by Check Point.