7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
latesthackingnews.com

Reverse Shell Explained: Setup, Attack Chain, and Detection

A reverse shell makes the target machine initiate the connection back to the attacker, bypassing firewalls that only filter ...
Dark Reading

US Cracks Down on Anthropic AI Models Amid Abuse Concerns

Anthropic suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign ...
Fireship on MSN

The unexpected flaw hiding in every Linux system

A newly discovered 732-byte Python exploit poses severe risks to Linux systems globally. Affecting distributions like Ubuntu ...
The Hacker News

âš¡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

This week’s recap covers exploited flaws, supply chain attacks, phishing kits, AI lures, macOS stealers, urgent CVEs, tools, ...
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

Kodak confirms data breach claimed by ShinyHunters extortion gang

Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers ...
Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
IGN

Max Paragon Exploit

Are you looking to to max out your Paragon points quickly? In Mass Effect 1 there's an exploit available very early into the game that allows you to do just that, using a Save exploit at the end of ...
BeInCrypto

Google Files Lawsuit to Dismantle AI-Powered Text Scam Operation

Google sued a China-based network that reportedly ran 9,000 fake sites and blasted AI scam texts to Android users.