Tag: open-source
-
LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. “An SQL injection in LangGraph’s function could… First seen on thehackernews.com Jump to article: …
-
Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE
A high-severity security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. “The ‘POST /api/v2/…
-
From SQLi to RCE Exploiting LangGraph’s Checkpointer
By Yarden Porat. AI agents need memory. Frameworks like LangGraph provide it through checkpointers: persistence layers that store execution state. But what happens when that persistence layer isn’t locked down? Key Points. Background: LangGraph is an open-source framework for building stateful, multi-agent AI systems with built-in persistence. It’s an extension of LangChain, with over […]…
-
Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps
The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs, but with added protection against surveillance. First seen on wired.com Jump to article: www.wired.com/story/signal-alums-release-encrypted-spaces-a-new-system-for-building-private-collaboration-apps/
-
X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/x-square-robot-free-data-collection/
-
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-miasma-worm-source-code-briefly-leaked-on-github/
-
Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues
Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. “Our priority is to protect customers and the broader ecosystem,” a Microsoft spokesperson told The Hacker News via email. “We…
-
LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)
Tags: ai, attack, cisa, cybersecurity, exploit, infrastructure, injection, open-source, vulnerability. A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/09/litellm-vulnerability-under-active-attack-cisa-warns-cve-2026-42271/
-
Top 10 Best Software Composition Analysis (SCA) Services 2026
In 2026, the foundation of nearly every modern application is built on open-source components. While this accelerates development and fosters innovation, it also introduces a significant attack surface. A single vulnerability in a widely-used open-source library can expose countless applications to risk, as demonstrated by past high-profile incidents. The need for robust Software Composition Analysis…
-
Microsoft’s open source tools were hacked to steal passwords of AI developers
Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/08/microsofts-open-source-tools-were-hacked-to-steal-passwords-of-ai-developers/
-
Two-Thirds of Open Source Community Unaware of Cyber Resilience Act
8 June 2026 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/open-source-unaware-cyber/
-
DockSec: Open-source AI-powered Docker security scanner
DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/08/docksec-open-source-ai-docker-security-scanner/
-
Hands on with Intelligent Terminal, an AI-powered Windows Terminal
Microsoft has created an open-source fork of Windows Terminal called “Intelligent Terminal,” and it allows you to use AI directly inside Terminal without interfering with the regular session. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/hands-on-with-intelligent-terminal-an-ai-powered-windows-terminal/
-
Top 10 Best Software Composition Analysis (SCA) Tools for Security Teams in 2026
The complexity of modern software development requires security to be deeply embedded within the engineering pipeline rather than treated as an afterthought. With modern applications consisting of over 80% open-source components, the attack surface has shifted drastically. Whether you are managing extensive codebases or integrating third-party APIs, catching flaws before code is compiled is crucial.…
-
Sprawling new House AI bill includes frontier model oversight, open-source security grants
The legislation has already drawn widespread criticism for its proposal to preempt state AI laws. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/house-ai-bill-regulation-cisa-nist-open-source/822131/
-
EU unveils tech sovereignty package to cut reliance on US, Chinese suppliers
The package bundles two draft laws, a Chips Act 2.0 and a Cloud and AI Development Act (CADA), alongside an Open Source Strategy and a roadmap for digitalizing the energy system. First seen on therecord.media Jump to article: therecord.media/eu-unveils-tech-sovereignty-package-cut-reliance-us-china
-
AgentGG: Open-source agentic SAST scanner
Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/05/agentgg-open-source-agentic-sast-scanner/
-
Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS
Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. “The sites are well-designed and often look like legitimate project portals at a glance, sometimes referencing… First seen on thehackernews.com Jump…
-
Anthropic shares Mythos with 150 more organizations, including critical infrastructure operators
The AI firm also said it’s exploring how to help open-source developers deal with a flood of vulnerability reports. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ai-anthropic-claude-mythos-project-glasswing-expand/821714/
-
Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan’s Ministry of Finance with an open-source remote access trojan called Xeno RAT. “The campaign opens with a spear phishing delivery – a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,” First seen on…
-
34 Malicious Packages Steal Cloud Keys, Wallets, and SSH Credentials
Tags: ai, attack, cloud, credentials, crypto, cyber, data, hacker, malicious, open-source, pypi, supply-chain. Hackers are actively abusing open-source ecosystems to steal sensitive developer data through a large-scale supply chain attack dubbed “TrapDoor”. The campaign spans npm, PyPI, and Crates.io, leveraging 34 malicious packages and 384 versions to target developers working in cryptocurrency, DeFi, AI, and cloud environments. The attackers weaponized legitimate package installation and build mechanisms to silently…
-
Security Risk Heretic: AI Guardrails Bypassed in Minutes
The open-source tool Heretic removes safety guardrails from AI models such as Llama or Gemma fully automatically and fundamentally changes IT compliance. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/sicherheitsrisiko-heretic
-
NVIDIA goes open source with a big batch of physical AI agent tools
NVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they're designed to make a roboticist's life a whole lot easier. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/01/nvidia-open-source-physical-ai-skills/
-
Millions of AI agents imperiled by critical vulnerability in open source package
“BadHost” was found in Starlette, a package with 325 million weekly downloads. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/
-
Apple open-sources quantum-resistant encryption code
The release includes implementations of two quantum-secure algorithms and demonstrates how formal verification caught bugs that traditional testing would have missed. First seen on cyberscoop.com Jump to article: cyberscoop.com/apple-open-source-quantum-resistant-encryption/
-
The Hackers Behind Shai-Hulud: Lucky or Skilled?
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it’s not necessarily due to skill alone. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/shai-hulud-hackers-teampcp-lucky-skilled
-
Claude Mythos AI Identified 10,000+ Software Vulnerabilities in One Month
Anthropic says its Claude Mythos AI identified more than 10,000 software vulnerabilities in one month, including critical flaws in open-source code. First seen on hackread.com Jump to article: hackread.com/claude-mythos-ai-vulnerabilities-one-month/
-
Abliteration: Removing Safety Mechanisms from AI Models Is Getting Ever Easier
Freely available tools make it possible to bypass safety barriers in open-source AI models even without technical knowledge. First seen on golem.de Jump to article: www.golem.de/news/abliteration-entfernung-von-sicherheitsmechanismen-in-ki-modellen-immer-einfacher-2605-209026.html