Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
AI agents have fundamentally changed the threat model of AI model-based applications. By equipping these models with plugins (also called tools), your agents no longer just generate text; they now ...
Follow this installation guideline if facing an installation issue. Note: ghauri has to be cloned/installed from GitHub for this switch to work for future updates; for older version users they have ...
Nearly every major product family needs immediate patching, from Windows to Office to Microsoft Edge, SQL Server, and even Microsoft Developer Tools. Windows admins are going to be busy this month, ...
LangChain and LangGraph patch three high-severity flaws exposing files, secrets, and conversation histories. Vulnerabilities included path traversal, deserialization leaks, and SQL injection in SQLite ...
Phishing used to be about tricking humans. Now it is about tricking the machines we trust to think for us. In the early days of ChatGPT, prompt injection was a parlor trick: you would tell a chatbot ...
The latest update from Microsoft deals with 112 flaws, including eight the company rated critical — and three zero-day exploits. Ninety-five of the vulnerabilities affect Windows. The first Patch ...
A fully featured command line tool for post-exploitation operations on Microsoft SQL Server instances. Provides RCE (Remote Code Execution), privilege escalation, persistence, evasion, and cleanup ...
The source code for version 3 of the ERMAC Android banking trojan has been leaked online, exposing the internals of the malware-as-a-service platform and the operator’s infrastructure. The code base ...
A China-nexus threat actor behind the recent exploitation of SAP's NetWeaver software is expanding its campaign, taking advantage of unpatched, Internet-exposed servers deployed by organizations ...