7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...
decrypt

What Is an AI Prompt Injection Attack? The Hidden Threat Hijacking Your Chatbots

Add Decrypt as your preferred source to see more of our stories on Google. Prompt injection is the number one security risk for AI applications. The attack works by tricking a chatbot into following ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Computerworld

For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches that should be deployed ASAP. Microsoft this week released 139 updates ...
cybernews

Researchers hijack popular AI agents from Anthropic, Google, and Microsoft: vendors choose to stay silent

Security researchers have hijacked three popular AI agents that integrate with GitHub Actions using a new type of prompt-injection attack to steal API keys and access tokens. The problem is most ...
Seeking Alpha

Cybersecurity stocks fall after Anthropic unveils Claude Code Security

Anthropic (ANTHRO) unveiled a new feature called Claude Code Security built into Claude Code on the web. Cybersecurity stocks were in the red on Friday. CrowdStrike (CRWD) and Cloudflare (NET) each ...
ZDNet

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

As AI adoption speeds ahead, major security flaws remain unsolved. Users and businesses should stay up to date on vulnerabilities. These four major issues still plague AI integration. AI systems are ...
Bleeping Computer

Google says hackers are abusing Gemini AI for all attacks stages

State-backed hackers are using Google's Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions. Bad actors from China (APT31, Temp.HEX), Iran (APT42), North ...
LinkedIn

Case Study: From SQL Injection to Remote Code Execution (RCE) – A Blackbox Penetration Test Analysis

In the domain of offensive security, a Blackbox Penetration Test is the ultimate simulation of a real-world threat actor. Without prior knowledge of the internal architecture or source code, the ...
Computerworld

For January, Patch Tuesday starts off with a bang

The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day exploits. Ninety-five of the vulnerabilities affect Windows. The first Patch ...
theregister

Contagious Claude Code bug Anthropic ignored promptly spreads to Cowork

Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last ...