7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...

Read this before you vibe-code another app

Your dream vibe-coded app might be a security nightmare.

How AI is reshaping cybersecurity

In this episode of Today in Tech, Keith Shaw speaks with Armadin founder and Chief Offensive Security Officer Evan Pena about ...

Oracle Targets AI Security With Database-First Protection Strategy

Oracle expands its AI database security strategy with new data protection, patching, and cyber resilience tools to help ...
SecurityWeek

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

DragonForce ransomware operators are using a new backdoor that relies on Microsoft Teams relay servers for C&C.

Critical Copilot vulnerability allowed hackers to steal 2FA code from users

Last Tuesday, Microsoft patched a vulnerability it rated as max critical in its M365 Copilot AI platform. On Monday, the researchers who discovered the vulnerability and reported it to Microsoft ...
Tech Times

Linux Kernel Root Exploit Published: DirtyClone Attack Leaves No Trace

Linux kernel privilege escalation exploit DirtyClone (CVE-2026-43503) is publicly documented: JFrog published a working attack walkthrough Thursday showing how any local user can gain root on ...
The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
Tech Times

Cyberattacks on Civil Society Hit 7 Times the Rate of Other Websites, Cloudflare Finds

Cyberattacks on civil society organizations reached seven times the rate of other websites last year, according to Cloudflare ...

For June, Patch Tuesday means an IT scramble

Microsoft’s monthly update included 206 fixes for flaws in everything from Windows to Office to Exchange Server, not to mention three zero-days.

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, bypassing traditional security measures. Meta quickly patched the ...
CSOonline

Claude Code has an MCP security problem — and your developers are already using it

Claude Code is Anthropic’s AI coding assistant — a command-line tool that developers are adopting fast. It connects to external services through Model Context Protocol, the standard that lets AI tools ...