7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...
GitHub

Coze Python API SDK

The Coze Python SDK is your comprehensive solution for seamlessly integrating Coze's powerful open APIs into Python applications. Complete API coverage: All Coze open APIs and authentication methods ...
SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...
The Hacker News

North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels

Proofpoint says UNK_DeadDrop sent 250+ phishing emails to nearly 100 firms, using GitHub and VS Code lures to steal ...
IEEE

Bridging Observability and Security: A Graph-Based Arbitration and Adaptive Sensing Approach via eBPF

Abstract: With the evolution of cloud-native microservice architectures traditional sidecar-based monitoring patterns and fragmented security tools have introduced significant resource overhead and ...

The attack dominating financial services doesn't steal passwords. It resets MFA and steals the token.

Credential theft fell to 13% of breach vectors in 2026. Attackers now bypass MFA via help desk resets and OAuth token theft.
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
Security Boulevard

Zscaler Acquires Symmetry Systems to Gain Data Graph

Zscaler plans to acquire Symmetry Systems, Inc. to add graph technology that applies artificial intelligence (AI) to access logs that are used to determine what data is being accessed by which ...