All CosmicBytez Labs articles tagged #AI Security, across news, security advisories, how-to guides, and projects.
A critical unauthenticated remote code execution vulnerability in the SGLang AI inference framework allows attackers to deliver malicious pickle payloads through an exposed ZeroMQ PULL socket, achieving arbitrary code execution without credentials.
A critical CVSS 10 vulnerability in 9Router AI router versions 0.4.30–0.4.36 allows unauthenticated attackers to register custom plugins and execute arbitrary commands via an unprotected MCP bridge endpoint.
LightRAG's default server configuration combines CORS_ORIGINS=* with allow_credentials=True, allowing any origin to make credentialed cross-origin requests and exposing knowledge graphs to unauthorized access.
Trend Micro researchers discovered a Russian-speaking threat actor named 'bandcampro' who jailbroke Google's open-source Gemini CLI to operate an 8-machine botnet inside a dental clinic, including autonomously migrating C2 infrastructure in just 6 minutes.
Security firm Intruder built an AI-powered system that combines code slicing with large language models to automatically discover complex software vulnerabilities — including a previously unknown WordPress plugin zero-day.
This week's biggest threats: Progress Software orders ShareFile shutdown over an undisclosed zero-day-level risk, ransomware groups weaponize Citrix Bleed 2 to bypass MFA across 91+ victims, and five AI coding assistants fall to a shared attack pattern.
A CVSS 9.8 critical SQL injection vulnerability in PraisonAI before 4.6.78 allows attackers to exploit the unvalidated dimension argument in PGVector and...
A CVSS 9.9 critical vulnerability in PraisonAI before 4.6.78 allows attackers to write files to arbitrary filesystem locations and execute arbitrary OS...
A CVSS 10.0 critical vulnerability in PraisonAI before 1.6.78 allows attackers to achieve remote code execution by injecting malicious prompts that...
Security researchers have demonstrated 'Ghostcommit,' a technique that embeds prompt injection payloads inside PNG images to bypass AI code review tools...
A single threat actor leveraged AI workflows, chained cloud misconfigurations, and stolen credentials to breach a large Amazon Web Services customer...
Researchers at the AI Now Institute have demonstrated a 'Friendly Fire' attack that tricks AI coding agents — including Claude Code, Gemini CLI, and...
Software supply chain security was already complex. Now that AI coding assistants are writing production code, security teams face new questions about...
Security researchers at Sysdig have documented JadePuffer — an agentic threat actor powered entirely by a large language model that independently...
AI-assisted code generation has collapsed the time between idea and deployment, but security review cycles have not kept pace. The gap between how fast...
This week's threat roundup covers residential proxy botnets hiding in streaming boxes, browser-based ransomware campaigns, AI agent abuse techniques, and...
China's GLM 5.2 finds vulnerabilities at $0.17 each and outperforms frontier Western models on security benchmarks — while AI-enabled adversary activity...
Kaspersky has identified a previously undocumented APT group — Armored Likho (aka Eagle Werewolf) — deploying an AI-assisted Python infostealer called...
Two critical vulnerabilities (CVE-2026-50548, CVE-2026-50549) dubbed DuneSlide allow zero-click prompt injection attacks to escape Cursor IDE's sandbox...
Sysdig researchers documented the first fully autonomous AI-driven ransomware campaign, where threat actor JADEPUFFER used an AI agent to chain Langflow...
IBM and Red Hat announced Project Lightwell — a $5 billion commitment to secure open-source supply chains using Anthropic's Mythos AI model, which found...
This week's security roundup covers AI compute theft, a newly discovered Apple Mail vulnerability, the emerging BlueHammer ransomware group, and 14...
Security researchers have found that classic Bash shell techniques — some dating back decades — can bypass the safeguards in most open-source AI coding...
Threat actors are actively weaponizing CVE-2026-33017, a critical unauthenticated RCE flaw in Langflow, to deploy a Monero miner via the lambsys...
A Microsoft Defender zero-day fuels ransomware before any patch exists; researchers dissect how syndicate groups run HR departments and tiered pricing;...
Qihoo 360 unveils Tulongfeng — a Chinese rival to Anthropic's Mythos AI vulnerability finder; the World Leaks ransomware group dumps 630 GB from Tata...
Boston-based Nebulock has closed a $25 million Series A led by FirstMark to expand its AI-native contextual threat hunting platform, which has performed...
Cisco has acquired Astrix Security and WideField to build out non-human identity (NHI) protection capabilities, betting that securing AI agents, service...
Researchers demonstrate how a seemingly clean, scanner-safe GitHub repository can silently execute a malicious payload when an AI coding agent clones and...
Unit 42 researchers identified five persistent malicious skill packages on ClawHub — OpenClaw's AI agent marketplace — including infostealers disguised as...
Security researchers discovered multi-tenant isolation failures in the Dify AI platform that allowed attackers to read private conversations from other...
A Russian IAB harvests 110M credentials from FortiGate firewalls; the Icarus group drains hundreds of Salesforce orgs via Klue OAuth tokens; a 29-year-old...
Microsoft has patched the AutoJack vulnerability chain in AutoGen Studio, its AI agent prototyping interface, which allowed attackers to manipulate agents...
Four vulnerabilities dubbed DifyTap were disclosed in the open-source AI workflow platform Dify, enabling attackers to silently read AI conversations from...
AI agents can access databases, trigger workflows, deploy code, and interact with critical business systems — often with little oversight. Token Security...
Microsoft researchers have detailed AutoJack, a novel exploit chain that turns AI browsing agents into delivery vehicles for remote code execution by...
The original shadow AI concern — employees pasting sensitive data into public tools — has been overtaken by a more dangerous problem: unsanctioned AI apps...
Enterprise security teams are sitting on 40+ tools generating overlapping alerts, yet breach dwell times remain stubbornly high. Agentic AI is changing...
Researchers have uncovered a coordinated malware campaign involving 15 malicious JetBrains Marketplace plugins posing as DeepSeek-powered AI coding...
DragonForce hides C2 inside Microsoft Teams relay traffic; a SearchLeak attack weaponizes M365 Copilot for one-click data exfiltration; iRhythm confirms...
Researchers at Obsidian Security disclosed a chain of three vulnerabilities in the widely deployed LiteLLM open-source AI gateway that allows a default...
Researchers disclosed SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows attackers to steal sensitive data from a...
This week's threat intelligence roundup covers a supply chain attack kit posted publicly, a $5,000-per-month RAT that clones browser sessions, AI agents...
In the post-Mythos era, Aryon Security's platform helps organizations enforce security controls across multi-cloud environments as AI-generated...
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in Langflow, to write arbitrary files on exposed servers....
A high-severity path traversal flaw (CVE-2026-5027, CVSS 8.8) in the AI application builder Langflow is being actively exploited with no patch available....
An autonomous AI security agent found 21 previously unknown vulnerabilities in FFmpeg, the media library powering countless applications. The same week…
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts, restricting tool capabilities that could be exploited in prompt…
Security researchers warn that adaptive agentic AI worms — described as 'viruses with wings and brains' — will likely strike enterprise environments within a…
This week's cybersecurity roundup covers Anthropic's new AI threat taxonomy, an unpatched Comodo security flaw, Palantir's Alex Karp reportedly under…
A new survey reveals only 10% of Security Operations Centers report getting excellent value from AI investments. As billions flow into AI-powered security…
A new AI Risk Quadrant framework has benchmarked 100 AI agents across three dimensions: vulnerability to compromise, potential breach impact, and strength of…
Redis has patched a use-after-free vulnerability in its blocking-client code that allows authenticated users to execute arbitrary OS commands on the database…
A CVSS 9.1 critical flaw in MLflow AI Gateway allows server-side environment variables in api_key fields to be resolved and exfiltrated to attacker-controlled…
Twenty years after Dark Reading launched, security leaders are looking beyond the assume-breach paradigm toward AI-native, hyper-segmented enterprise defense…
Cybersecurity researchers have uncovered a malicious npm package named codexui-android that targets developers using OpenAI Codex by masquerading as a…
Nation-states are racing to dominate the embodied AI and humanoid robotics market, but as governments and militaries integrate these systems, the…
As OpenAI and Anthropic push frontier AI capabilities forward, SentinelOne argues that AI-native, machine-speed cyber defense is now essential — and that the…
Anne Keast-Butler, head of the UK's GCHQ signals intelligence agency, has warned that artificial intelligence represents an unstoppable force in cyberspace…
AI security startup Geordie closes a $30M round led by Balderton Capital to help enterprises detect and govern AI risk across their environments.
On Dark Reading's 20-year mark, a tech lens on how cybersecurity moved from castle-and-moat perimeters to AI-native, identity-first cloud defense.
UK signals-intel chief warns AI is reshaping threats as an unstoppable force while Russia escalates hostile gray-zone activity below open conflict.
DockSec, an OWASP incubator project, combines multiple container security scanners with AI-generated plain-English remediation guidance and exact Dockerfile.
Anthropic has disclosed that Project Glasswing — its AI-powered vulnerability research initiative using the Claude Mythos system — has uncovered more than...
A critical CVSS 9.6 vulnerability in MLflow 3.9.0 allows a remote attacker to exploit improper origin validation in the MLflow Assistant's /ajax-api...
80% of employees currently use unapproved AI tools at work, yet only 12% of companies have formal AI governance policies. Adaptive Security outlines a...
Other noteworthy stories this week: Big Tech firms push back against Canada's encryption legislation, Cisco releases a free AI security specification, and...
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed...
OpenAI is urging macOS users to update their software following an expanding supply chain attack that compromised TanStack and additional npm and PyPI...
Threat actors began exploiting CVE-2026-44338, a missing authentication flaw in the PraisonAI multi-agent orchestration framework, within just four hours...
This week's threat roundup covers an actively exploited PAN-OS RCE granting root access, Anthropic's Mythos AI finding a cURL memory safety bug, AI...
Fake identity fraud powered by generative AI is projected to cause $40 billion in losses annually. Security leaders are warned that static defenses are no...
Researchers have disclosed a critical out-of-bounds read vulnerability in Ollama that enables remote unauthenticated attackers to leak the entire process...
Cisco has released a new open source toolkit designed to track and verify the provenance of AI models throughout the supply chain, addressing risks from...
Security researchers using AI-assisted analysis discovered 38 vulnerabilities in OpenEMR, an open-source electronic health record platform used by more...
A critical vulnerability in Google's Gemini CLI allowed an attacker to plant a malicious configuration file that executed commands outside the sandbox,...
Cybersecurity researchers have disclosed CVE-2026-25874, a critical unauthenticated remote code execution vulnerability (CVSS 9.3) in Hugging Face's...
Threat actors are actively exploiting CVE-2026-42208, a critical pre-authentication SQL injection vulnerability in the LiteLLM open-source LLM gateway,...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
SentinelOne details how its AI-driven behavioral detection stopped three zero-day supply chain attacks at machine speed — without prior knowledge of the...
A high-severity SSRF vulnerability in LMDeploy, a widely used open-source LLM deployment toolkit, was actively exploited in the wild less than 13 hours...
KTransformers through version 0.5.3 contains a critical unsafe deserialization vulnerability in its balance_serve backend mode, where an unauthenticated...
Vercel has confirmed a security breach in which limited customer credentials were exposed after an employee's workstation was compromised through malware...
Vercel confirms breach through a compromised third-party AI coding tool; North Korean hackers attributed to a $290 million crypto theft; 6,400 Apache...
Cybersecurity researchers have discovered a critical by-design weakness in the Model Context Protocol architecture that enables arbitrary command...
A critical CVSS 9.8 command injection vulnerability in the SGLang AI inference framework allows attackers to achieve remote code execution by supplying a...
Vercel's security breach originated from the compromise of Context.ai, a third-party AI tool used by a company employee, allowing attackers to gain...
Stolen OAuth tokens from a compromised employee AI tool enabled attackers to pivot into Vercel's internal systems. Security researchers warn that...
The North Korean supply chain attack on Axios — a JavaScript library with 100 million weekly downloads — highlights why human-scale monitoring can no...
OX Security analyzed 216 million security findings across 250 organizations over 90 days and found critical risk grew by nearly 400% year-over-year, even...
Prompt injection vulnerabilities in Salesforce Agentforce and Microsoft Copilot would have allowed unauthenticated attackers to exfiltrate sensitive CRM...
Anthropic's Claude Mythos Preview model can autonomously find and exploit zero-days across every major OS and browser at a 72.4% success rate — and it's...
A critical sandbox escape vulnerability in PraisonAI's multi-agent framework allows attackers to bypass the Python code execution sandbox, defeating the...
A critical code injection vulnerability in PraisonAI's AgentService allows attackers to craft malicious YAML files using dangerous js-yaml tags such as...
Anthropic's new Project Glasswing initiative uses a preview of its frontier model Claude Mythos to autonomously discover thousands of previously unknown...
A critical vulnerability (CVSS 9.8) in parisneo/lollms v2.1.0 allows attackers to brute-force the application's JWT secret key offline, forge...
The TeamPCP threat actor's March 2026 supply chain attack against LiteLLM exposed a dangerous blind spot: developer workstations running local AI agents...
Adversa AI has discovered a critical vulnerability in Anthropic's Claude Code AI coding assistant, disclosed just days after Anthropic accidentally leaked...
AI hiring platform Mercor has confirmed a security incident linked to the LiteLLM PyPI supply chain attack carried out by TeamPCP. Separately, Lapsus$...
Anthropic confirmed that internal source code for its Claude Code AI coding assistant was accidentally published to npm due to a human packaging error. No...
Anthropic accidentally published the source code for Claude Code — its normally closed-source AI coding assistant — inside an npm package. The company...
CISA has added CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in the Langflow AI framework, to its Known Exploited...
New research from Flare Systems reveals that premium AI platform access — including ChatGPT Plus, Claude Pro, and raw API keys — has been systematically...
Malicious versions of LiteLLM — a Python package with 3 million daily downloads present in roughly 36% of cloud environments — were quietly pushed to PyPI...
Security researchers disclosed critical flaws across three major AI platforms: Amazon Bedrock AgentCore's sandbox can be bypassed via DNS to exfiltrate...
This week: GlassWorm escalates with 72 malicious Open VSX extensions and a GitHub token force-push campaign poisoning hundreds of Python repos; CISA adds...
Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Security teams can discover AI apps, monitor...
This week's cybersecurity roundup covers the actively exploited Chrome zero-day CVE-2026-2441, the Aisuru router botnet record DDoS attack, a supply chain...
China's CNCERT has warned that OpenClaw (formerly Clawdbot/Moltbot), the viral self-hosted AI agent, carries over 250 disclosed vulnerabilities including...
Build guardrails around AI-generated code with Claude Code hooks, security-scanning agents, OWASP-aware prompting, and automated secret detection. A...
A compromised npm publish token was used to inject a malicious postinstall script into Cline CLI version 2.3.0 on February 17, 2026, silently installing...
New IT offboarding checklist, endpoint security baseline, BGP monitoring guide, ClickFix detection guide, plus AI-powered attacks on FortiGate devices, a...
A threat actor has published a database allegedly containing 19,000 user records from WormGPT, the underground AI platform marketed for offensive hacking...
A maximum-severity code injection vulnerability in Microsoft's Semantic Kernel Python SDK allows authenticated attackers to execute arbitrary code through...
Multiple industry reports warn that 2026 marks the emergence of agentic AI threats — autonomous systems capable of planning and executing multi-step...
Microsoft's Defender team tracked over 50 unique prompt injection payloads from 31 companies using 'Summarize with AI' buttons to manipulate chatbot...