The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
RCR Wireless NewsOpinion

At-scale testing for LLM implementations and guardrails (Reader Forum)

As AI becomes the public face of business, organizations must validate performance, security, and cost efficiency at scale.
GitHub

[Security] CRITICAL: SQL Injection in Migration Scripts (CWE-89, CVSS 9.8) #203

Finding F1 — SQL Injection in Migration Scripts Field Value CWE CWE-89 (Improper Neutralization of Special Elements in SQL) CVSS 3.1 9.8 (Critical) Source SAST (Semgrep) Prior Issue NEW Foundry Model ...
GitHub

Is SQL Injection prevention not a T‑Structured Query Language server feature? #211

Customer stories Events & webinars Ebooks & reports Business insights GitHub Skills ...
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
SecurityWeek

Critical Vulnerabilities Patched in Fortinet, Ivanti Products

Two OS command injection flaws can be exploited remotely, without authentication, for arbitrary code execution.
Dark Reading

Application Security

Explore the latest news and expert commentary on Application Security, brought to you by the editors of Dark Reading ...
Cyber Wire

Cybersecurity Terms

Terms often used in cybersecurity discussions and education, briefly defined. Your corrections, suggestions, and recommendations for additional entries are welcome: email the editor at editor@n2k.com.