VULNCVE

NVIDIA Transformers4Rec Flaw Enables RCE via Malicious ML Models

NVIDIA has patched a high-severity deserialization vulnerability (CVE-2026-24162, CVSS 7.8) in its Transformers4Rec library that allow…

Jun 13, 2026views - 818

CYBERSECCRITICAL

LangGraph Vulnerability Chain Grants RCE via AI Agent Persistence

Check Point Research has uncovered a SQL injection and deserialization chain in LangGraph that enables RCE on self-hosted deployments.…

Jun 12, 2026views - 821

CYBERSECCVE

LiteLLM CVE-2026-42271: CISA Confirms Active Exploitation of CVSS 10.0 RCE Chain

CISA has added CVE-2026-42271 to its KEV catalog, confirming active exploitation of a command injection vulnerability in LiteLLM. When…

Jun 09, 2026views - 753

openai

OpenAI Mandates Hardware-Backed Passkeys for Access to Frontier AI Models

Starting June 1, 2026, OpenAI will require Trusted Access for Cyber (TAC) program members to use hardware-backed passkeys, setting a n…

Jun 01, 2026views - 188

ai

DNS-AID: Linux Foundation Launches Decentralized Discovery for AI Agents

The Linux Foundation has launched DNS-AID, an open-source protocol that leverages existing DNS infrastructure to enable decentralized…

Jun 01, 2026views - 237

CYBERSEC

Shadow AI: First 8-K Filing Signals Shift from Internal Policy to Regulatory Mandate

The first SEC 8-K filing for unauthorized AI use marks a turning point for corporate governance. As Shadow AI evolves into 'vibe-coded…

Jun 01, 2026views - 138

CYBERSEC

Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking

Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…

May 31, 2026views - 159

VULNCVE

CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation

CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…

May 24, 2026views - 177

CYBERSEC

1Password and OpenAI Partner to Provide Just-in-Time Credentials for AI Agents

1Password integrates its Environments MCP Server into OpenAI's Codex, enabling just-in-time credentialing for AI coding agents to prev…

May 20, 2026views - 173

agentic

AI Agents in Production: Addressing the Confused-Deputy Threat in Operational Automation

New research identifies a critical architectural gap in operational AI agents where a lack of separation between reasoning and executi…

May 20, 2026views - 114

agentic

Zealot: How Autonomous AI Orchestrates Multi-Stage Cloud Compromise

Palo Alto Networks’ Unit 42 has demonstrated Zealot, a multi-agent PoC capable of executing end-to-end cloud attack chains without hum…

May 20, 2026views - 127

CYBERSECCVE

Critical RCE in ChromaDB: 73% of Exposed Servers Vulnerable to CVE-2026-45829

A maximum-severity vulnerability in ChromaDB’s Python FastAPI server allows unauthenticated remote code execution. The flaw, which ste…

May 19, 2026views - 164