AI Infrastructure
AI infrastructure explores GPUs, compute, training, inference and large-scale deployment. Articles follow platform evolution, architectural bottlenecks and the security implications of AI workloads.

NVIDIA NeMo Framework: RCE Vulnerability in ML Checkpoints
An unsafe deserialization flaw in NVIDIA NeMo Framework checkpoints enables remote code execution. User interaction is required, but t…

Ollama Zero-Day DoS: downloadBlob Bug Puts Local AI Servers at Risk
ZDI has disclosed a zero-day vulnerability in Ollama enabling unauthenticated remote denial-of-service attacks via the downloadBlob fu…

CISA Orders 3-Day Patch for CVE-2026-55255 in Langflow
An IDOR in Langflow's /api/v1/responses endpoint lets authenticated attackers steal LLM and cloud credentials from other users' flows.…

Gartner: By 2028, 60% of Enterprises Will Drop Annual Pentesting for Continuous Validation
Gartner formalizes the COST framework for continuous vulnerability validation. Exploit time has compressed to under 10 hours, and 53%…

Langflow RCE Exploited for Miner Worm: 19-Day Campaign
CVE-2026-33017: Commodity operators exploit exposed AI endpoints to deploy Lambsys, an SSH worm that compromises entire enterprise inf…

Linux Foundation Launches Akrites: A Shared SIRT for Open Source Software
Akrites brings 19 tech giants under one shared SIRT for open source vulnerabilities. A 5% patch rate and Dolan's admission: the road a…

Ransomware: Europe Overtakes US as Top Target With 55% Surge in Attacks
Black Kite's first Europe-focused report reveals 684 ransomware attacks in the first four months of 2026, a 55.1% year-over-year incre…

Microsoft Attributes Mastra Supply-Chain Attack to North Korean Sapphire Sleet
Microsoft assesses with high confidence that the supply-chain compromise of more than 140 @mastra npm packages was carried out by the…

Agentic AI Replaces Assistive AI in Threat Management
Agentic AI is turning Gartner's CTEM framework from a strategic document into a continuous operational cycle. The shift, documented Ju…

Log Discard: 86% of Security Logs End Up in the Trash
A Dynatrace survey of 450 senior IT leaders at large enterprises reveals that half of organizations discard or fail to collect an aver…

Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE
Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…

Langflow CVE-2026-5027: RCE Under Active Exploitation with 7,000 Instances Exposed
A critical path traversal vulnerability in Langflow is being exploited in the wild. CVE-2026-5027 (CVSS 8.8) enables unauthenticated r…