Recent cybersecurity reports highlight significant vulnerabilities and a proactive defense strategy.

One notable incident involved McDonald's McHire job chatbot platform, which exposed chat transcripts and personal data from over 64 million job applications due to a combination of an Insecure Direct Object Reference (IDOR) vulnerability and the use of weak default credentials, "123456" for both login and password, on a test franchise's admin panel. This allowed researchers to access details like names, email addresses, phone numbers, and home addresses, with the issue being reported and subsequently fixed by Paradox.ai, the platform provider.

Separately, a Google Gemini flaw enables attackers to create phishing scams by embedding invisible prompt injections within emails; when Gemini summarizes these emails, it obeys the hidden directives, potentially presenting fake security alerts to users without needing attachments or direct links.

To counter such evolving threats and strengthen national cybersecurity, the UK's National Cyber Security Centre (NCSC) has launched a new Vulnerability Research Initiative (VRI), aiming to improve the UK's ability to identify and understand software and hardware vulnerabilities through structured collaboration with external cybersecurity experts, including those in emerging areas like AI-powered vulnerability discovery.