SecurityWeek

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

[Free eBook] Cyber Breach Response That Actually Works (worth $45)

A cyber breach could cost your organization millions of dollars—in 2019, the average cost of a cyber breach for companies was ...
Microsoft

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

During tax season, threat actors reliably take advantage of the urgency and familiarity of time-sensitive emails, including ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Infosecurity Magazine

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries has been demonstrated by security researchers, highlighting potential risks ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.

AI is supercharging cloud cyberattacks - and third-party software is the most vulnerable

Cloud attacks are getting faster and deadlier - here's your best defense plan ...
eWeek

OpenAI Acquires Cybersecurity Startup Promptfoo to Strengthen AI Agent Security

OpenAI is acquiring Promptfoo to strengthen AI agent security, adding enterprise testing tools for jailbreaks, prompt injections, data leaks, and governance.
Dark Reading

Chinese Cyber Threat Lurks In Critical Asian Sectors for Years

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows ...