Prompt injection is exploiting enterprise AI's biggest design flaws by targeting agents, RAG pipelines and model routers

Prompt injection remains the most effective way to compromise enterprise AI systems because it exploits the fundamental way ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

How AI is reshaping cybersecurity

In this episode of Today in Tech, Keith Shaw speaks with Armadin founder and Chief Offensive Security Officer Evan Pena about ...
Analytics Insight

How Hackers Operate: The Tools Behind Real-World Cybersecurity Testing

Overview:Ethical hackers follow the seven-phase Penetration Testing Execution Standard (PTES), moving from intelligence ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
WeLiveSecurity

OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Bleeping Computer

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...
GitHub

jessmail/secure-api-analyzer

An automated security testing tool for REST APIs, focused on authentication, authorization, and OWASP Top 10 vulnerabilities. Built for penetration testers and security engineers who need fast, ...
cybernews

Researchers hijack popular AI agents from Anthropic, Google, and Microsoft: vendors choose to stay silent

Security researchers have hijacked three popular AI agents that integrate with GitHub Actions using a new type of prompt-injection attack to steal API keys and access tokens. The problem is most ...