The Hacker News

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware

North Korea-linked ScarCruft uses fake Microsoft Account alerts and ZIP files to deliver NarwhalRAT, a Python RAT built for ...
CSO Online

Google’s Vertex AI SDK could allow RCE through bucket squatting

Google reportedly patched a flaw in the Vertex AI SDK for Python that could allow attackers to hijack model uploads and ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
HealthcareInfoSecurity

Critical Splunk Vulnerability Actively Exploited

A disclosed Splunk Enterprise vulnerability, CVE-2026-20253, is under active exploitation and can be chained into ...

"Thought It Was a Security Alert Email"...Warning Issued Over Malicious MS Impersonation Emails

A cyberattack has been discovered in which emails impersonating Microsoft (MS) security alerts are being used to spread ...
The Hacker News

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

Three LiteLLM flaws let low-privilege users gain admin access and run code, exposing AI keys, secrets, prompts, and responses ...
Security Boulevard

When AI Agents Become Bots: A Field Report from the Authentication Layer

Security vendors and their customers have spent considerable time debating where to draw the line between “legitimate” AI agents and “malicious” bots. A 31-day campaign against a major consumer ...

Vercel launches a new framework and enterprise controls for agentic AI infrastructure

Front-end software development startup Vercel Inc. introduced a set of new products today at Ship, its annual conference, to ...

I let Claude audit my messy Home Assistant setup, and it was a massive wake-up call

I gave Claude access to my Home Assistant. It helped me audit, debug, and improve my smart home better than I ever could have ...
MUO on MSN

I stopped juggling AI APIs and switched everything to one that actually works

I can use virtually every language, speech, image, and video model with one API key.
MUO on MSN

I stopped using cloud image editors after I found this self-hosted alternative

Cloud image editors are now much harder to justify.
Developer Tech

AI agent breaches Fedora software supply chain

A rogue AI agent using compromised developer credentials breached the Fedora software supply chain and merged defective code into production. The incident exposed deep architectural flaws in ...