Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

In 2025 and 2026, several independent sources have highlighted the same trend: Prompt injection remains one of the most ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Bleeping Computer

Critical Fortinet FortiSandbox flaws now exploited in attacks

Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. The flaws allow ...
The Hacker News

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week

Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal ...
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...
CSOonline

Frontier AI models offer sneak peak of seismic cyber shifts ahead

CISOs need to prepare for a vulnerability discovery onslaught, even as attackers will still have work to do to operationalize flaws that abused and malicious AI models turn up. The advent of Claude ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI is changing the security landscape. More and more threat groups incorporate LLMs into their reconnaissance and exploitation workflows. The notion that some vulnerabilities are too complex to ...

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, bypassing traditional security measures. Meta quickly patched the ...