News

CSO Online
csoonline.com > article > 4185063 > langflow-rce-under-active-attack-months-after-a-patch-was-shipped.html

Langflow RCE under active attack months after a patch was shipped

2+ hour ago  (404+ words) Enterprises using the open-source AI orchestration platform Langflow are being urged to patch a high-severity path traversal flaw amid active exploitation, despite a fix having been available for more than two months. The bug, which stems from improper handling of…

CSO Online
csoonline.com > article > 4185051 > attackers-can-turn-ai-agent-guardrails-into-denial-of-service-weapons.html

Attackers can turn AI agent guardrails into denial-of-service weapons

5+ hour, 9+ min ago  (590+ words) according to new research that found a single poisoned document can dramatically slow shared AI agent workflows by trapping reasoning-based safety systems in extended thinking loops. "Reasoning-based guardrails introduce a new attack surface where security mechanisms themselves become the target,…

CSO Online
csoonline.com > article > 4184681 > 5-runtime-signals-for-catching-a-compromised-ai-agent.html

5 runtime signals for catching a compromised AI agent

5+ hour, 9+ min ago  (415+ words) The trifecta worked as a signal because, at the time, agents were mostly narrowly scoped. An agent capable of performing only one or two of the lethal trifecta activities could be assessed as lower risk. Avoiding the combination felt like…

CSO Online
csoonline.com > article > 4184634 > sovereign-cloud-wont-fix-your-ai-risk-identity-governance-will.html

Sovereign cloud won't fix your AI risk. Identity governance will

5+ hour, 9+ min ago  (542+ words) Sovereign cloud, on the slides, looks like control. In the contracts, service matrices and AI agent deployments, it often looks more like a very expensive illusion. When enterprises talk about sovereign cloud, they are usually thinking about data residency - where…

CSO Online
csoonline.com > article > 4184678 > greatxml-zero-day-bitlocker-bypass-doesnt-seem-to-work-yet.html

GreatXML zero-day BitLocker bypass doesn't seem to work, yet

2+ day, 16+ hour ago  (541+ words) A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit Thursday that promises to bypass BitLocker encryption on locked devices. A well-respected security expert reported that the exploit…

CSO Online
csoonline.com > article > 4184576 > french-governments-secure-messaging-system-breached.html

French government's secure messaging system breached

2+ day, 22+ hour ago  (181+ words) An intruder has breached the French government's encrypted messaging service, Tchap, showing once again that human error is a weak spot in any security system. Tchap was developed in France as an example of national sovereignty and was designed to…

Google News
csoonline.com > article > 4184455 > prompt-injection-breaks-todays-ai-agents-study-warns.html

Prompt injection breaks today's AI agents, study warns | CSO Online

3+ day, 4+ hour ago  (629+ words) Today's AI web agents have no dependable defenses against prompt injection, according to new research showing that not a single attack scenario was consistently blocked across leading systems powered by GPT5 and Gemini. The researchers executed 3,168 adversarial runs across Nano Browser…

CSO Online
csoonline.com > article > 4184408 > oracle-peoplesoft-zero%e2%80%91day-fuels-shinyhunters-extortion-spree.html

Oracle PeopleSoft zero-day fuels ShinyHunters extortion spree

3+ day, 5+ hour ago  (517+ words) A newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and other educational institutes. Attackers exploited the critical remote code execution (RCE) flaw in PeopleSoft's Environment…

CSO Online
csoonline.com > article > 4180902 > reap-now-decipher-later-thats-the-approach-to-cybersecurity-in-the-quantum-age.html

Harvest now, decipher later: The quantum threat few are preparing for

3+ day, 6+ hour ago  (713+ words) Quantum technology may feel far off but certain risks are already with us in the form of "harvest now, decrypt later" - an attack vector in which malicious actors steal data now for a future in which they have access to quantum computational…

CSO Online
csoonline.com > article > 4184043 > china-linked-recon-botnet-outpaces-enterprise-defenses.html

China-linked recon botnet outpaces enterprise defenses

4+ day, 4+ hour ago  (564+ words) A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said. The botnet, tracked by Lumen's Black Lotus…
