Claude Code, Gemini CLI, GitHub Copilot agents vulnerable to prompt injection via comments
Researchers disclosed a new “Comment and Control” attack technique that abuses comments in code repositories to inject malicious instructions into AI-powered developer tools like Claude Code, Gemini CLI, and GitHub Copilot agents. Because these tools often trust contextual inputs, attackers can manipulate them into executing unintended actions or exposing sensitive data, highlighting a growing risk in AI-assisted development pipelines where traditional input validation assumptions don’t hold.
Ransomware reaches elevated ‘new normal’ as attack volumes stabilize at higher baseline
New threat intelligence shows ransomware activity has plateaued at a consistently high level rather than declining, indicating that the surge seen in late 2025 has effectively reset the baseline for expected attack volume. This shift suggests organizations should stop treating spikes as anomalies and instead plan for sustained pressure, with continuous intrusion attempts becoming part of normal operating conditions rather than episodic crises.
CISA adds actively exploited flaws in Fortinet, Microsoft, and Adobe products to KEV catalog
CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities catalog, spanning widely deployed enterprise technologies including Fortinet appliances, Microsoft software, and Adobe products. The inclusion confirms active exploitation in the wild and triggers remediation deadlines for federal agencies, reinforcing the continued importance of prioritizing KEV-listed issues as a proxy for real-world attacker activity rather than theoretical risk.
EU AI Act logging requirements create new compliance pressure for AI systems
New analysis of the EU AI Act highlights that logging and traceability requirements for AI systems are more complex than many organizations anticipate, with obligations spread across multiple interdependent articles. Companies deploying AI agents will need to ensure detailed activity logging, auditability, and retention to meet compliance deadlines, exposing gaps in current observability practices and forcing security and engineering teams to treat AI behavior as a regulated system rather than a black box.
US nationals behind DPRK IT worker “laptop farm” sent to prison
Two U.S. nationals were sentenced to prison for helping North Korean remote IT workers pose as U.S. residents and get hired by more than 100 companies, including Fortune 500 firms. Prosecutors said the scheme generated more than $5 million for the DPRK government and caused about $3 million in damages to affected companies, while also placing North Korean workers inside U.S. corporate systems through stolen identities, shell companies, and hosted company laptops.
The post InfoSec News Nuggets 04/16/2026 appeared first on AboutDFIR – The Definitive Compendium Project.
