Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1941+ Articles
150+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
All tags
116 articles

#AI Security

All CosmicBytez Labs articles tagged #AI Security, across news, security advisories, how-to guides, and projects.

  • SecurityJul 17, 2026

    CVE-2026-14890: SGLang ZeroMQ Unauthenticated RCE via Pickle Deserialization

    A critical unauthenticated remote code execution vulnerability in the SGLang AI inference framework allows attackers to deliver malicious pickle payloads through an exposed ZeroMQ PULL socket, achieving arbitrary code execution without credentials.

  • SecurityJul 16, 2026

    CVE-2026-46339: 9Router Unauthenticated Plugin Registration & MCP Command Execution

    A critical CVSS 10 vulnerability in 9Router AI router versions 0.4.30–0.4.36 allows unauthenticated attackers to register custom plugins and execute arbitrary commands via an unprotected MCP bridge endpoint.

  • SecurityJul 16, 2026

    CVE-2026-61736: LightRAG Critical CORS Credential Bypass (CVSS 9.3)

    LightRAG's default server configuration combines CORS_ORIGINS=* with allow_credentials=True, allowing any origin to make credentialed cross-origin requests and exposing knowledge graphs to unauthorized access.

  • NewsJul 15, 2026

    Google Gemini CLI Jailbroken and Used as a Hacking Agent to Run a Malware Botnet

    Trend Micro researchers discovered a Russian-speaking threat actor named 'bandcampro' who jailbroke Google's open-source Gemini CLI to operate an 8-machine botnet inside a dental clinic, including autonomously migrating C2 infrastructure in just 6 minutes.

  • NewsJul 15, 2026

    We Built a Vulnerability Vending Machine: AI Tokens In, Zero-Days Out

    Security firm Intruder built an AI-powered system that combines code slicing with large language models to automatically discover complex software vulnerabilities — including a previously unknown WordPress plugin zero-day.

  • NewsJul 13, 2026

    Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, and AI Coding Attacks

    This week's biggest threats: Progress Software orders ShareFile shutdown over an undisclosed zero-day-level risk, ransomware groups weaponize Citrix Bleed 2 to bypass MFA across 91+ victims, and five AI coding assistants fall to a shared attack pattern.

  • SecurityJul 12, 2026

    CVE-2026-60090: PraisonAI SQL Injection via Unvalidated Dimension Parameter in Vector Store Backends

    A CVSS 9.8 critical SQL injection vulnerability in PraisonAI before 4.6.78 allows attackers to exploit the unvalidated dimension argument in PGVector and...

  • SecurityJul 12, 2026

    CVE-2026-61445: PraisonAI AICoder Arbitrary File Write and Command Injection via LLM Tool Calls

    A CVSS 9.9 critical vulnerability in PraisonAI before 4.6.78 allows attackers to write files to arbitrary filesystem locations and execute arbitrary OS...

  • SecurityJul 12, 2026

    CVE-2026-61447: PraisonAI CodeAgent Remote Code Execution via Unsandboxed Python Execution

    A CVSS 10.0 critical vulnerability in PraisonAI before 1.6.78 allows attackers to achieve remote code execution by injecting malicious prompts that...

  • NewsJul 11, 2026

    'Ghostcommit' Hides Prompt Injection in Images to Fool AI Agents and Steal Secrets

    Security researchers have demonstrated 'Ghostcommit,' a technique that embeds prompt injection payloads inside PNG images to bypass AI code review tools...

  • NewsJul 9, 2026

    Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours

    A single threat actor leveraged AI workflows, chained cloud misconfigurations, and stolen credentials to breach a large Amazon Web Services customer...

  • NewsJul 9, 2026

    AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It

    Researchers at the AI Now Institute have demonstrated a 'Friendly Fire' attack that tricks AI coding agents — including Claude Code, Gemini CLI, and...

  • NewsJul 7, 2026

    What Changes When AI Writes Your Code: Supply Chain Security in the Age of LLMs

    Software supply chain security was already complex. Now that AI coding assistants are writing production code, security teams face new questions about...

  • NewsJul 6, 2026

    JadePuffer: The First Fully Autonomous LLM-Driven Ransomware Attack

    Security researchers at Sysdig have documented JadePuffer — an agentic threat actor powered entirely by a large language model that independently...

  • NewsJul 6, 2026

    Software Is Now Written at the Speed of Thought. Security Isn't.

    AI-assisted code generation has collapsed the time between idea and deployment, but security review cycles have not kept pace. The gap between how fast...

  • NewsJul 6, 2026

    Weekly Recap: Proxy Botnets, Browser Ransomware, AI Agent Tricks, Fake PoC Malware

    This week's threat roundup covers residential proxy botnets hiding in streaming boxes, browser-based ransomware campaigns, AI agent abuse techniques, and...

  • NewsJul 5, 2026

    Chinese LLMs Broaden the Gap Between Attackers & Defenders

    China's GLM 5.2 finds vulnerabilities at $0.17 each and outperforms frontier Western models on security benchmarks — while AI-enabled adversary activity...

  • NewsJul 4, 2026

    Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

    Kaspersky has identified a previously undocumented APT group — Armored Likho (aka Eagle Werewolf) — deploying an AI-assisted Python infostealer called...

  • NewsJul 3, 2026

    Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

    Two critical vulnerabilities (CVE-2026-50548, CVE-2026-50549) dubbed DuneSlide allow zero-click prompt injection attacks to escape Cursor IDE's sandbox...

  • NewsJul 2, 2026

    AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack

    Sysdig researchers documented the first fully autonomous AI-driven ransomware campaign, where threat actor JADEPUFFER used an AI agent to chain Langflow...

  • NewsJul 2, 2026

    Anthropic's AI Finds Bugs. IBM Bets $5B It Can Fix Them.

    IBM and Red Hat announced Project Lightwell — a $5 billion commitment to secure open-source supply chains using Anthropic's Mythos AI model, which found...

  • NewsJul 2, 2026

    ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

    This week's security roundup covers AI compute theft, a newly discovered Apple Mail vulnerability, the emerging BlueHammer ransomware group, and 14...

  • NewsJun 30, 2026

    Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks

    Security researchers have found that classic Bash shell techniques — some dating back decades — can bypass the safeguards in most open-source AI coding...

  • NewsJun 30, 2026

    Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

    Threat actors are actively weaponizing CVE-2026-33017, a critical unauthenticated RCE flaw in Langflow, to deploy a Monero miner via the lambsys...

  • NewsletterJun 30, 2026

    June 30 Digest: BlueHammer Zero-Day, Ransomware Goes Corporate, AI Supply Chain Risks & Nation-State ICS Threats

    A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...

  • NewsJun 28, 2026

    In Other News: Chinese Mythos-Like AI, Tata Electronics Breach, Snyk Layoffs

    Qihoo 360 unveils Tulongfeng — a Chinese rival to Anthropic's Mythos AI vulnerability finder; the World Leaks ransomware group dumps 630 GB from Tata...

  • NewsJun 28, 2026

    Nebulock Raises $25 Million for AI-Native Contextual Security

    Boston-based Nebulock has closed a $25 million Series A led by FirstMark to expand its AI-native contextual threat hunting platform, which has performed...

  • NewsJun 27, 2026

    Cisco Adds NHI to Security Stack With Astrix, WideField Acquisitions

    Cisco has acquired Astrix Security and WideField to build out non-human identity (NHI) protection capabilities, betting that securing AI agents, service...

  • NewsJun 27, 2026

    Clean GitHub Repo Tricks AI Coding Agents Into Running Malware

    Researchers demonstrate how a seemingly clean, scanner-safe GitHub repository can silently execute a malicious payload when an AI coding agent clones and...

  • NewsJun 25, 2026

    More Malicious OpenClaw Skills Threaten AI Supply Chain

    Unit 42 researchers identified five persistent malicious skill packages on ClawHub — OpenClaw's AI agent marketplace — including infostealers disguised as...

  • NewsJun 23, 2026

    Data Exposure Flaws in Dify AI Platform Put 1 Million+ App Tenants at Risk

    Security researchers discovered multi-tenant isolation failures in the Dify AI platform that allowed attackers to read private conversations from other...

  • NewsletterJun 23, 2026

    June 23 Digest: FortiBleed, Klue/Salesforce Supply Chain, Squidbleed, GitHub Actions Fix

    A Russian IAB harvests 110M credentials from FortiGate firewalls; the Icarus group drains hundreds of Salesforce orgs via Klue OAuth tokens; a 29-year-old...

  • NewsJun 22, 2026

    Microsoft Fixes AutoGen Studio Flaw That Enabled Code Execution

    Microsoft has patched the AutoJack vulnerability chain in AutoGen Studio, its AI agent prototyping interface, which allowed attackers to manipulate agents...

  • NewsJun 22, 2026

    Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

    Four vulnerabilities dubbed DifyTap were disclosed in the open-source AI workflow platform Dify, enabling attackers to silently read AI conversations from...

  • NewsJun 21, 2026

    Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way

    AI agents can access databases, trigger workflows, deploy code, and interact with critical business systems — often with little oversight. Token Security...

  • NewsJun 19, 2026

    AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

    Microsoft researchers have detailed AutoJack, a novel exploit chain that turns AI browsing agents into delivery vehicles for remote code execution by...

  • NewsJun 19, 2026

    Forget Data Leakage: Shadow AI's Real Threat Is Access Control

    The original shadow AI concern — employees pasting sensitive data into public tools — has been overtaken by a more dangerous problem: unsanctioned AI apps...

  • NewsJun 19, 2026

    From Assistive to Agentic: The AI Shift That's Redefining Threat Management

    Enterprise security teams are sitting on 40+ tools generating overlapping alerts, yet breach dwell times remain stubbornly high. Agentic AI is changing...

  • NewsJun 17, 2026

    Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

    Researchers have uncovered a coordinated malware campaign involving 15 malicious JetBrains Marketplace plugins posing as DeepSeek-powered AI coding...

  • NewsletterJun 17, 2026

    June 17 Digest: Teams C2 Evasion, Copilot Data Theft, iRhythm Breach, cPanel KEV

    DragonForce hides C2 inside Microsoft Teams relay traffic; a SearchLeak attack weaponizes M365 Copilot for one-click data exfiltration; iRhythm confirms...

  • NewsJun 15, 2026

    LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

    Researchers at Obsidian Security disclosed a chain of three vulnerabilities in the widely deployed LiteLLM open-source AI gateway that allows a default...

  • NewsJun 15, 2026

    SearchLeak: New Attack Turned Microsoft 365 Copilot into 1-Click Data Theft Tool

    Researchers disclosed SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows attackers to steal sensitive data from a...

  • NewsJun 11, 2026

    ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Code Patch + 28 New Stories

    This week's threat intelligence roundup covers a supply chain attack kit posted publicly, a $5,000-per-month RAT that clones browser sessions, AI agents...

  • NewsJun 10, 2026

    Aryon Security Raises $29 Million in Series A Funding

    In the post-Mythos era, Aryon Security's platform helps organizations enforce security controls across multi-cloud environments as AI-generated...

  • NewsJun 10, 2026

    Path Traversal Flaw in AI Dev Platform Langflow Exploited in Attacks

    Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in Langflow, to write arbitrary files on exposed servers....

  • NewsJun 10, 2026

    Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE

    A high-severity path traversal flaw (CVE-2026-5027, CVSS 8.8) in the AI application builder Langflow is being actively exploited with no patch available....

  • NewsJun 6, 2026

    AI Agent Uncovers 21 Zero-Days in FFmpeg; Chrome Patches Record 429 Bugs

    An autonomous AI security agent found 21 previously unknown vulnerabilities in FFmpeg, the media library powering countless applications. The same week…

  • NewsJun 6, 2026

    New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

    OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts, restricting tool capabilities that could be exploited in prompt…

  • NewsJun 5, 2026

    Adaptive, Agentic AI Worms Loom as the Next Major Enterprise Threat

    Security researchers warn that adaptive agentic AI worms — described as 'viruses with wings and brains' — will likely strike enterprise environments within a…

  • NewsJun 5, 2026

    In Other News: Anthropic Maps AI Threats, Unpatched Comodo Flaw, Palantir Chief Eyed for CISA

    This week's cybersecurity roundup covers Anthropic's new AI threat taxonomy, an unpatched Comodo security flaw, Palantir's Alex Karp reportedly under…

  • NewsJun 5, 2026

    Only 10% of SOCs Say They're Getting Excellent Value From AI — What the Second Wave Must Deliver

    A new survey reveals only 10% of Security Operations Centers report getting excellent value from AI investments. As billions flow into AI-powered security…

  • NewsJun 4, 2026

    Security of 100 AI Agents Tested and Ranked – What You Need to Know

    A new AI Risk Quadrant framework has benchmarked 100 AI agents across three dimensions: vulnerability to compromise, potential breach impact, and strength of…

  • NewsJun 3, 2026

    Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)

    Redis has patched a use-after-free vulnerability in its blocking-client code that allows authenticated users to execute arbitrary OS commands on the database…

  • SecurityJun 3, 2026

    CVE-2026-4035: MLflow AI Gateway Credential Exfiltration via Env Variable Resolution

    A CVSS 9.1 critical flaw in MLflow AI Gateway allows server-side environment variables in api_key fields to be resolved and exfiltrated to attacker-controlled…

  • NewsJun 2, 2026

    Beyond Assume-Breach: How AI-Native Security Will Reshape Enterprise Defense

    Twenty years after Dark Reading launched, security leaders are looking beyond the assume-breach paradigm toward AI-native, hyper-segmented enterprise defense…

  • NewsJun 1, 2026

    OpenAI Codex Authentication Tokens Stolen via codexui-android npm Supply Chain Attack

    Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a…

  • NewsMay 31, 2026

    As Global Powers Explore Humanoid Robots, Cyber-Risk Looms

    Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the…

  • NewsMay 31, 2026

    Frontier AI Reinforces the Future of Modern Cyber Defense

    As OpenAI and Anthropic push frontier AI capabilities forward, SentinelOne argues that AI-native, machine-speed cyber defense is now essential — and that the…

  • NewsMay 31, 2026

    GCHQ Chief: AI Is an 'Unstoppable Force' with Offensive and Defensive Cyber Ramifications

    Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace…

  • NewsMay 29, 2026

    Geordie Raises $30 Million for AI Security and Governance Platform

    AI security startup Geordie closes a $30M round led by Balderton Capital to help enterprises detect and govern AI risk across their environments.

  • NewsMay 28, 2026

    Cybersecurity Evolution: From Perimeter Defense to AI-Native Security

    On Dark Reading's 20-year mark, a tech lens on how cybersecurity moved from castle-and-moat perimeters to AI-native, identity-first cloud defense.

  • NewsMay 28, 2026

    UK Cyberspying Chief Calls AI 'an Unstoppable Force' and Warns About Russia

    UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.

  • NewsMay 27, 2026

    Open Source DockSec Uses AI to Cut Through Vulnerability

    DockSec, an OWASP incubator project, combines multiple container security scanners with AI-generated plain-English remediation guidance and exact Dockerfile.

  • NewsMay 23, 2026

    Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely

    Anthropic has disclosed that Project Glasswing — its AI-powered vulnerability research initiative using the Claude Mythos system — has uncovered more than...

  • SecurityMay 20, 2026

    CVE-2026-2611: MLflow 3.9.0 Improper Origin Validation

    A critical CVSS 9.6 vulnerability in MLflow 3.9.0 allows a remote attacker to exploit improper origin validation in the MLflow Assistant's /ajax-api...

  • NewsMay 18, 2026

    5 Steps to Managing Shadow AI Tools Without Slowing Down

    80% of employees currently use unapproved AI tools at work, yet only 12% of companies have formal AI governance policies. Adaptive Security outlines a...

  • NewsMay 16, 2026

    In Other News: Big Tech vs Canada Encryption Bill, Cisco's

    Other noteworthy stories this week: Big Tech firms push back against Canada's encryption legislation, Cisco releases a free AI security specification, and...

  • NewsMay 15, 2026

    The Boring Stuff Is Dangerous Now

    AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed...

  • NewsMay 14, 2026

    OpenAI Asks macOS Users to Update After TanStack npm Supply

    OpenAI is urging macOS users to update their software following an expanding supply chain attack that compromised TanStack and additional npm and PyPI...

  • NewsMay 14, 2026

    PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours

    Threat actors began exploiting CVE-2026-44338, a missing authentication flaw in the PraisonAI multi-agent orchestration framework, within just four hours...

  • NewsMay 14, 2026

    ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI

    This week's threat roundup covers an actively exploited PAN-OS RCE granting root access, Anthropic's Mythos AI finding a cURL memory safety bug, AI...

  • NewsMay 13, 2026

    Weaponized AI: The New Frontier of Fraud and Identity

    Fake identity fraud powered by generative AI is projected to cause $40 billion in losses annually. Security leaders are warned that static defenses are no...

  • NewsMay 10, 2026

    Ollama Out-of-Bounds Read Flaw Allows Remote Process Memory

    Researchers have disclosed a critical out-of-bounds read vulnerability in Ollama that enables remote unauthenticated attackers to leak the entire process...

  • NewsMay 1, 2026

    Cisco Releases Open Source Tool for AI Model Provenance

    Cisco has released a new open source toolkit designed to track and verify the provenance of AI models throughout the supply chain, addressing risks from...

  • NewsApr 30, 2026

    AI Finds 38 Security Flaws in Electronic Health Record

    Security researchers using AI-assisted analysis discovered 38 vulnerabilities in OpenEMR, an open-source electronic health record platform used by more...

  • NewsApr 30, 2026

    Critical Gemini CLI Flaw Enabled Host Code Execution

    A critical vulnerability in Google's Gemini CLI allowed an attacker to plant a malicious configuration file that executed commands outside the sandbox,...

  • NewsApr 28, 2026

    Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE

    Cybersecurity researchers have disclosed CVE-2026-25874, a critical unauthenticated remote code execution vulnerability (CVSS 9.3) in Hugging Face's...

  • NewsApr 28, 2026

    Hackers Are Exploiting a Critical LiteLLM Pre-Auth SQLi Flaw

    Threat actors are actively exploiting CVE-2026-42208, a critical pre-authentication SQL injection vulnerability in the LiteLLM open-source LLM gateway,...

  • NewsletterApr 28, 2026

    Apr 28 Digest: Medtronic 9M Breach, GitHub RCE, LiteLLM

    ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...

  • NewsApr 26, 2026

    Hypersonic Supply Chain Attacks: One Solution That Didn't

    SentinelOne details how its AI-driven behavioral detection stopped three zero-day supply chain attacks at machine speed — without prior knowledge of the...

  • NewsApr 26, 2026

    LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

    A high-severity SSRF vulnerability in LMDeploy, a widely used open-source LLM deployment toolkit, was actively exploited in the wild less than 13 hours...

  • SecurityApr 24, 2026

    CVE-2026-26210: KTransformers Unsafe Deserialization RCE

    KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...

  • NewsApr 21, 2026

    Cloud Platform Vercel Says Company Breached Through

    Vercel has confirmed a security breach in which limited customer credentials were exposed after an employee's workstation was compromised through malware...

  • NewsletterApr 21, 2026

    Apr 21 Digest: Vercel AI Tool Breach, DPRK $290M, ActiveMQ

    Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...

  • NewsApr 20, 2026

    Anthropic MCP Design Vulnerability Enables RCE, Threatening

    Cybersecurity researchers have discovered a critical by-design weakness in the Model Context Protocol architecture that enables arbitrary command...

  • NewsApr 20, 2026

    SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious

    A critical CVSS 9.8 command injection vulnerability in the SGLang AI inference framework allows attackers to achieve remote code execution by supplying a...

  • NewsApr 20, 2026

    Vercel Breach Tied to Context AI Hack Exposes Limited

    Vercel's security breach originated from the compromise of Context.ai, a third-party AI tool used by a company employee, allowing attackers to gain...

  • NewsApr 20, 2026

    Vercel Employee's AI Tool Access Led to Data Breach

    Stolen OAuth tokens from a compromised employee AI tool enabled attackers to pivot into Vercel's internal systems. Security researchers warn that...

  • NewsApr 20, 2026

    Why the Axios Attack Proves AI Is Mandatory for Supply

    The North Korean supply chain attack on Axios — a JavaScript library with 100 million weekly downloads — highlights why human-scale monitoring can no...

  • NewsApr 19, 2026

    Analysis of 216M Security Findings Shows a 4x Increase in Critical Risk (2026 Report)

    OX Security analyzed 216 million security findings across 250 organizations over 90 days and found critical risk grew by nearly 400% year-over-year, even...

  • NewsApr 19, 2026

    Microsoft, Salesforce Patch AI Agent Data Leak Flaws

    Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot would have allowed unauthenticated attackers to exfiltrate sensitive CRM...

  • NewsApr 11, 2026

    Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong

    Anthropic's Claude Mythos Preview model can autonomously find and exploit zero-days across every major OS and browser at a 72.4% success rate — and it's...

  • SecurityApr 9, 2026

    CVE-2026-39888: PraisonAI Sandbox Escape Enables Remote

    A critical sandbox escape vulnerability in PraisonAI's multi-agent framework allows attackers to bypass the Python code execution sandbox, defeating the...

  • SecurityApr 9, 2026

    CVE-2026-39890: PraisonAI YAML Injection Achieves Remote

    A critical code injection vulnerability in PraisonAI's AgentService allows attackers to craft malicious YAML files using dangerous js-yaml tags such as...

  • NewsApr 8, 2026

    Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws

    Anthropic's new Project Glasswing initiative uses a preview of its frontier model Claude Mythos to autonomously discover thousands of previously unknown...

  • SecurityApr 7, 2026

    CVE-2026-1114: lollms JWT Weak Secret Key Allows Admin

    A critical vulnerability (CVSS 9.8) in parisneo/lollms v2.1.0 allows attackers to brute-force the application's JWT secret key offline, forge...

  • NewsApr 6, 2026

    How LiteLLM Turned Developer Machines Into Credential

    The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...

  • NewsApr 2, 2026

    Critical Vulnerability in Claude Code Emerges Days After

    Adversa AI has discovered a critical vulnerability in Anthropic's Claude Code AI coding assistant, disclosed just days after Anthropic accidentally leaked...

  • NewsApr 2, 2026

    Mercor Confirms Security Incident Tied to LiteLLM Supply

    AI hiring platform Mercor has confirmed a security incident linked to the LiteLLM PyPI supply chain attack carried out by TeamPCP. Separately, Lapsus$...

  • NewsApr 1, 2026

    Claude Code Source Leaked via npm Packaging Error

    Anthropic confirmed that internal source code for its Claude Code AI coding assistant was accidentally published to npm due to a human packaging error. No...

  • NewsMar 31, 2026

    Claude Code Source Code Accidentally Leaked in NPM Package

    Anthropic accidentally published the source code for Claude Code — its normally closed-source AI coding assistant — inside an npm package. The company...

  • NewsMar 29, 2026

    CISA: New Langflow Flaw Actively Exploited to Hijack AI

    CISA has added CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in the Langflow AI framework, to its Known Exploited...

  • NewsMar 25, 2026

    Paid AI Accounts Are Now a Hot Underground Commodity

    New research from Flare Systems reveals that premium AI platform access — including ChatGPT Plus, Claude Pro, and raw API keys — has been systematically...

  • NewsMar 25, 2026

    Supply Chain Attack Hits Widely-Used AI Package, Risking

    Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...

  • NewsMar 17, 2026

    AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable

    Security researchers disclosed critical flaws across three major AI platforms: Amazon Bedrock AgentCore's sandbox can be bypassed via DNS to exfiltrate...

  • NewsletterMar 17, 2026

    Mar 17 Digest: GlassWorm Poisons Python, n8n RCE Hits KEV

    This week: GlassWorm escalates with 72 malicious Open VSX extensions and a GitHub token force-push campaign poisoning hundreds of Python repos; CISA adds...

  • NewsMar 16, 2026

    Shadow AI Is Everywhere. Here's How to Find and Secure It.

    Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Security teams can discover AI apps, monitor...

  • NewsMar 16, 2026

    Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach

    This week's cybersecurity roundup covers the actively exploited Chrome zero-day CVE-2026-2441, the Aisuru router botnet record DDoS attack, a supply chain...

  • NewsMar 14, 2026

    OpenClaw AI Agent Flaws Enable Prompt Injection, 1-Click

    China's CNCERT has warned that OpenClaw (formerly Clawdbot/Moltbot), the viral self-hosted AI agent, carries over 250 disclosed vulnerabilities including...

  • ProjectMar 11, 2026

    Securing AI-Assisted Development with Claude Code

    Build guardrails around AI-generated code with Claude Code hooks, security-scanning agents, OWASP-aware prompting, and automated secret detection. A...

  • NewsFeb 23, 2026

    Cline CLI Supply Chain Attack Installs Unauthorized

    A compromised npm publish token was used to inject a malicious postinstall script into Cline CLI version 2.3.0 on February 17, 2026, silently installing...

  • NewsletterFeb 23, 2026

    Late February Roundup: New Guides, Checklists & Threat

    New IT offboarding checklist, endpoint security baseline, BGP monitoring guide, ClickFix detection guide, plus AI-powered attacks on FortiGate devices, a...

  • NewsFeb 20, 2026

    WormGPT Hacked: 19,000 Cybercriminal AI Platform Users

    A threat actor has published a database allegedly containing 19,000 user records from WormGPT, the underground AI platform marketed for offensive hacking...

  • SecurityFeb 20, 2026

    Critical RCE in Microsoft Semantic Kernel Python SDK

    A maximum-severity code injection vulnerability in Microsoft's Semantic Kernel Python SDK allows authenticated attackers to execute arbitrary code through...

  • NewsFeb 18, 2026

    AI-Driven Threats Accelerate: Agentic Attacks, Model

    Multiple industry reports warn that 2026 marks the emergence of agentic AI threats — autonomous systems capable of planning and executing multi-step...

  • NewsFeb 17, 2026

    Microsoft Discovers 'AI Recommendation Poisoning' via Chatbot Prompts

    Microsoft's Defender team tracked over 50 unique prompt injection payloads from 31 companies using 'Summarize with AI' buttons to manipulate chatbot...