Critical flaw in Lenovo’s Lena AI chatbot lets attackers run code and steal cookies — here’s what went wrong and how to fix it
If a friendly AI chatbot greeted you on a big brand’s website and seemed a bit too helpful, would you notice when it quietly handed your session cookie to an attacker? That’s the chilling lesson from a critical security flaw in Lenovo’s AI chatbot, “Lena,” where a single prompt could inject malicious code, exfiltrate session…