SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
The Hacker News

Which Code Vulnerabilities Actually Get Fixed? New Code Security Data from 50,000+ Repos

Authentication Failures (A07) show the largest gap in the dataset: a 48-percentage-point difference between leaders and the field. Leaders fix at nearly 60%, while the field sits at roughly 12%.
The Tech Edvocate

The Hidden Threat: How README Files Can Compromise AI Security

Spread the loveThe Rise of AI Agents and the Security Implications As artificial intelligence (AI) continues to evolve, its ...
Dark Reading

Supply Chain Attack Secretly Installs OpenClaw for Cline Users

The rapid spread of OpenClaw wasn't going fast enough for someone. Cybersecurity vendors this week noticed an odd trend when the npm package for version 2.3.0 of Cline, a widely used open source AI ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
USA Today

Is Saks closing stores? What we know amid CEO changes, bankruptcy

Saks Global, which owns luxury brand Saks Fifth Avenue and its discounted division Saks Off Fifth, is announced a series of leadership changes and a bankruptcy filing, leaving consumers wondering if ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt ...
SiliconANGLE

Critical ‘LangGrinch’ vulnerability in langchain-core puts AI agent secrets at risk

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a recently uncovered critical vulnerability on langchain-core, the foundational library behind ...
TechCrunch

OpenAI says AI browsers may always be vulnerable to prompt injection attacks

Even as OpenAI works to harden its Atlas AI browser against cyberattacks, the company admits that prompt injections, a type of attack that manipulates AI agents to follow malicious instructions often ...
EurekAlert!

Vulnerability of large language models to prompt injection when providing medical advice

About The Study: In this quality improvement study using a controlled simulation, commercial large language models (LLM’s) demonstrated substantial vulnerability to prompt-injection attacks (i.e., ...
Android Authority

OpenAI's Atlas browser has a security flaw that could expose your private info

OpenAI’s recently launched browser, Atlas, has a concerning vulnerability. Atlas appears to be susceptible to attacks known as clipboard injections. This type of attack can be used to steal login ...