7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
The Hacker News

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

Google fixed a Vertex AI SDK flaw in v1.148.0 after Unit 42 showed bucket squatting could enable model hijacking and code ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have.
Microsoft

StealC and Amadey: Breaking down infostealers and the cybercrime services that deliver them

On June 24, 2026, Microsoft’s Digital Crimes Unit (DCU) facilitated the takedown, suspension, and blocking of domains that ...

Microsoft debuts Surface RTX Spark Dev Box to run large AI models without cloud costs

Microsoft’s new Surface RTX Spark Dev Box packs Nvidia Blackwell AI power and 128GB of unified memory to run large AI models locally, helping developers cut cloud costs and rethink enterprise AI ...
Tech Times

DeepSeek V4 Architecture: How Sparse Attention Cuts Inference Costs, What NIST Found

DeepSeek V4 architecture uses sparse attention to cut inference costs 73% at one-million-token contexts, but a NIST ...
MUO on MSN

Excel finally speaks regex, and it cleans the data I used to fix by hand

I didn't realize how much time I spent on cleanups until regex let me stop.

OpenCV 5.0 brings LLMs to the Computer Vision Library

Version 5.0 Modernizes DNN Engine, Adds LLM/VLM Support, and Enhances Core, Hardware Acceleration, and 3D Stack.
GitHub

IDA Pro script to add some useful runtime info to static analysis.

This script records function calls (and returns) across an executable using IDA debugger API, along with all the arguments passed. It dumps the info to a text file, and also inserts it into IDA's ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
InfoWorld

Using Visual Studio Code’s ‘air-gapped’ AI model mode

VS Code can use LLM models other than GitHub Copilot’s built-in providers for AI-assisted development, including local and ...
CSOonline

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to high-value enterprise users running GPU-accelerated inference. A high ...