Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...
Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...

GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...

CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...
Microsoft

Contagious Interview: Malware delivered through fake developer job interviews

The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and ...
Dark Reading

Critical Flaw in Langflow AI Platform Under Attack

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...

‘Hack Yourself’ Apple Attack Steals Mac Passwords

A newly discovered attack sandbags Apple users into hacking themselves. Here’s what all Mac users need to know.

Waratek Redefines Secure Development with Launch of Waratek IAST at JavaOne 2026

AI-assisted code speeds development, but introduces vulnerabilities at an alarming rate. Waratek IAST reports flaws ...

Major Security Breach Of Critical AI Dependency Exposes Cloud Secrets

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Another worrying macOS malware scheme has been discovered — here's how to stay safe

Malwarebytes discovered Infiniti Stealer - a new piece of malware targeting macOS devices.

Point Wild Releases Free LiteLLM Vulnerability Scanner Within 24 Hours of Supply Chain Attack

Point Wild, a leading global provider of AI-powered cybersecurity, today announced the immediate release of a free security tool, who-touched-my-packages (wtmp) – to provide developers visibility into ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...