The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...

Coempt gave CBSE cyber certificates that were expired, tied to other client

The cybersecurity certificates submitted to CBSE for its OSM platform were outdated and covered a different client's deployment, raising questions on the platform's actual security. | India News ...
Graham Cluley

Smashing Security podcast #470: This AI security flaw might be impossible to fix

A website called “UK visa portal” has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels.

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, ...
techtimes

Shannon Lite v1.2.0 on Claude Opus 4.7: Anthropic’s New Cyber Safeguards Require Pentesters to Enroll Before Scans

Shannon Lite, the autonomous white-box penetration testing tool built by San Francisco-based Keygraph, shipped version 1.2.0 on May 6, 2026, upgrading its underlying model from Claude Opus 4.6 to ...
ZDNet

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

As AI adoption speeds ahead, major security flaws remain unsolved. Users and businesses should stay up to date on vulnerabilities. These four major issues still plague AI integration. AI systems are ...
CSOonline

Software supply chain risks join the OWASP top 10 list, access control still on top

There were some changes to the recently updated OWASP Top 10 list, including the addition of supply chain risks. But old standbys, like broken access control, are still at the top. Software supply ...
IEEE

Detection of Malicious Requests to Protect Web Applications and DNS Servers Against SQL Injection Using Machine Learning

Abstract: According to the Open Web Application Security Project (OWASP), SQL injection is one of the top ten threats associated with web security issues. This type of attack takes advantage of web ...
Dark Reading

AI Agents Undermine Progress in Browser Security

Browser security is far from perfect, but technologists and cybersecurity researchers have built a security model that, for the most part, works. However, artificial intelligence (AI) agents could be ...
VentureBeat

The 11 runtime attacks breaking AI security — and how CISOs are stopping them

Enterprise security teams are losing ground to AI-enabled attacks — not because defenses are weak, but because the threat model has shifted. As AI agents move into production, attackers are exploiting ...
TechRadar

Prompt injection attacks might 'never be properly mitigated' UK NCSC warns

UK’s NCSC warns prompt injection attacks may never be fully mitigated due to LLM design Unlike SQL injection, LLMs lack separation between instructions and data, making them inherently vulnerable ...