Langflow RCE Vulnerability Exploited to Deploy Monero Cryptominer on Exposed AI Servers
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise interne...
20 articles
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution (RCE) vulnerability in Langflow, to compromise interne...
A newly documented injection technique abuses the kernel-to-user callback dispatch path used by the Windows graphical subsystem (win32k.sys) to achieve remot...
Dell Technologies has disclosed several critical vulnerabilities in its Wyse Management Suite (WMS) that could enable remote attackers to execute arbitrary c...
U.S.
The emergence of LLM-driven “disposable tooling” is reshaping offensive tradecraft and forcing defenders to rethink detection models that rely on static sign...
A critical vulnerability has been identified in Google’s Gemini CLI and the associated run-gemini-cli GitHub Action. This flaw exposes headless continuous in...
A newly disclosed remote code execution (RCE) vulnerability in Microsoft 365 Apps is raising concerns in enterprise environments. Attackers can exploit malic...
UNC1151 tracked by many as Ghostwriter or FrostyNeighbor has advanced a credential-phishing technique that uses a real-time WebSocket relay to defeat SMS and...
The U.S.
Millenium RAT version 4.* exposes a compact but potent evolution: the malware has migrated from .
DCloud Uni-App has become a mass-production layer for fraud, with more than 236,000 distinct scam domains tied to a sprawling ecosystem of fake exchanges, wa...
Zhipu AI’s newly released GLM-5.2 model is attracting significant attention from the cybersecurity community due to its vulnerability detection capabilities,...
OpenAI has announced the limited preview of its next-generation AI model family, GPT‑5.6, headlined by the flagship “Sol” model, which introduces significant...
Rokarolla, a sophisticated Android banking trojan distributed via malicious websites that masquerade as trusted applications such as TikTok, Google Chrome an...
Anthropic has officially restored access to its Claude Mythos 5 artificial intelligence model for a select group of U.S.
A newly disclosed flaw in the Linux kernel’s traffic-control subsystem, now assigned CVE-2026-46331 and referred to as “Pedit COW,” has been found to grant a...
A critical cloud storage attack technique that exploits a fundamental architectural vulnerability shared across all major cloud service providers. The techni...
A critical Local Privilege Escalation flaw has been uncovered within the Linux kernel, allowing unprivileged local users to seamlessly gain root access by ma...
A critical security flaw discovered in the Amazon Q Developer Extension for Visual Studio Code (VS Code) left developers vulnerable to arbitrary code executi...
Water and wastewater systems have become strategic gray‑zone targets for Russia, China, and Iran, driven by chronic underinvestment and weak operational‑tech...