IEEE

CID4IoT: IoT-Oriented Command Injection Vulnerability Detection Based on Critical Code Extraction and LLM Analysis

Abstract: The Internet of Things (IoT) devices have brought invaluable convenience to our daily lives. However, they also introduce significant security challenges. Common vulnerabilities in numerous ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
IEEE

MagShadow: Physical Adversarial Example Attacks via Electromagnetic Injection

Abstract: Physical adversarial examples (AEs) have become an increasing threat to deploying deep neural network (DNN) models in the real world. Popular approaches adopt sticking-based or ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that uses LLM inference to flag injection flaws, XSS, path traversal, and weak ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...