The Hacker News

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

DNS flaw in Amazon Bedrock and critical AI vulnerabilities expose data and enable RCE, risking breaches and infrastructure ...

Google: Cloud attacks exploit flaws more than weak credentials

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Dark Reading

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

Files on a central cloud server used by the ransomware group highlight a systematic, aggressive attack on network backups as ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

Google report: AI is accelerating cloud cyberattacks, and one weak link stands out

Google report: AI is accelerating cloud cyberattacks, and one weak link stands out ...
Security Boulevard

FAQ on CVE-2026-21514: OLE bypass N-Day in Microsoft Word

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security ...
Dark Reading

Most Google Cloud Attacks Start With Bug Exploitation

Forget stolen credentials and misconfigurations; AI means vulnerability exploits that beat patching cycles are the top cause ...

Alibaba's AI Agent Mined Crypto Without Permission. Now What?

Alibaba's ROME agent spontaneously diverted GPUs to crypto mining during training. The incident falls into a gap between AI, ...