7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
SecurityWeek

3 Recently Patched Fortinet FortiSandbox Vulnerabilities in Hacker Crosshairs

Three recently patched Fortinet FortiSandbox vulnerabilities are being targeted in the wild, according to exploit ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that uses LLM inference to flag injection flaws, XSS, path traversal, and weak ...
decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Add Decrypt as your preferred source to see more of our stories on Google. Prompt injection is the number one security risk for AI applications. The attack works by tricking a chatbot into following ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
IEEE

Deep Tabular and Sequential Models for Robust SCADA Cybersecurity Using the Custom-Built SCADANet Dataset

Abstract: Supervisory Control and Data Acquisition (SCADA) systems are critical for managing large-scale industrial facilities, yet their increasing connectivity exposes them to sophisticated ...
GitHub

is now the default.

───────────────────────────────────────────────────────────────── Not safe to deploy · api-billing ...
GitHub

jessmail/secure-api-analyzer

An automated security testing tool for REST APIs, focused on authentication, authorization, and OWASP Top 10 vulnerabilities. Built for penetration testers and security engineers who need fast, ...
tech-ish.com

Co-op Bank security scare exposes a potential crisis across Kenya’s banking websites

A screenshot shared on X (formerly Twitter) has reignited a long-running debate about the technical foundations of Kenya’s banking infrastructure, and the results, for at least one major institution, ...
The Hacker News

The Hacker News | #1 Trusted Source for Cybersecurity News — Index Page

The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach ...
Cloud Security Alliance

Applying MAESTRO to Real-World Agentic AI Threat Models: From Framework to CI/CD Pipeline

Every security team I talk to is having the same conversation right now. Their developers are shipping AI agents — coding assistants, autonomous workflows, LLM-powered tools that can browse the web, ...
Ars Technica

New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

The face-palm-worthy prompt injections against AI assistants continue. Today’s installment hits OpenAI’s Deep Research agent. Researchers recently devised an attack that plucked confidential ...