CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
The Tech Edvocate

The Hidden Threat: How README Files Can Compromise AI Security

Spread the loveThe Rise of AI Agents and the Security Implications As artificial intelligence (AI) continues to evolve, its ...
InfoQ

AWS Launches Managed Openclaw on Lightsail amid Critical Security Vulnerabilities

AWS launched managed OpenClaw on Lightsail for AI agent deployment while security concerns mount. The 250k-star GitHub ...
heise online

SAP Patch Day: NetWeaver vulnerability allows code injection

Admins of SAP installations will have work on Tuesday this week: SAP has released advisories for 15 vulnerabilities in the company's products. Some of these are critical vulnerabilities that allow the ...
TechRepublic

Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files

Perplexity AI Browser Flaw Could Let Calendar Invites Access Local Files Your email has been sent A security flaw in Perplexity’s AI-powered Comet browser could ...
TechSpot

Unwanted AI upgrade to Windows Notepad created a serious security flaw

The big picture: Microsoft released its latest Patch Tuesday update this week with 59 hotfixes across Windows, Microsoft Office, Azure, and core system components. The update includes patches for six ...
Psychology Today

Vulnerability Without Self-Trust Isn’t Courage

Over the past decade, vulnerability has become one of the most celebrated leadership virtues. We’ve collectively learned that sharing more builds trust, openness equals authenticity, and that the ...
Infosecurity-magazine.com

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries. The ...
PC World

WinRAR under attack by state-level hackers, according to Google

PCWorld reports that Google’s Threat Intelligence Group discovered state-sponsored hackers from Russia and China actively exploiting a critical WinRAR vulnerability (CVE-2025-8088). This security flaw ...
Dark Reading

Vulnerabilities Surge, But Messy Reporting Blurs Picture

Another year, another record for vulnerability reports. For the ninth year in a row, the number of reported vulnerabilities set a new record, with 48,177 issues assigned a 2025 Common Vulnerabilities ...
CSOonline

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not properly validated. A now-fixed critical flaw in the jsPDF library could ...