AI & LLM
AI and LLM covers generative models, agents, prompt injection, data security and new artificial intelligence tools. The collection connects capabilities, limitations, operational risks and their impact on technical work.

NVIDIA Transformers4Rec Flaw Enables RCE via Malicious ML Models
NVIDIA has patched a high-severity deserialization vulnerability (CVE-2026-24162, CVSS 7.8) in its Transformers4Rec library that allow…

LangGraph Vulnerability Chain Grants RCE via AI Agent Persistence
Check Point Research has uncovered a SQL injection and deserialization chain in LangGraph that enables RCE on self-hosted deployments.…

LiteLLM CVE-2026-42271: CISA Confirms Active Exploitation of CVSS 10.0 RCE Chain
CISA has added CVE-2026-42271 to its KEV catalog, confirming active exploitation of a command injection vulnerability in LiteLLM. When…

ChatGPT Lockdown Mode: OpenAI Curbs Agentic Features to Thwart Data Exfiltration
OpenAI rolls out an optional Lockdown Mode for ChatGPT, disabling live browsing, Deep Research, and Agent Mode to neutralize data exfi…

DockSec: The Open-Source AI Healing Containers, Not Just Scanning Them
DockSec, an OWASP Incubator project, leverages LLMs to correlate data from three Docker scanners and generate line-specific fixes. Its…

Emphere Secures $2.1M to Automate Vulnerability Remediation with AI
Seattle-based startup Emphere raises $2.1 million to automate open-source vulnerability remediation as the NVD backlog exceeds 27,000…

AI-Driven Vulnerability Discovery Hits FFmpeg: 21 Zero-Days Found for $1,000
An autonomous security agent has identified 21 zero-day vulnerabilities in the FFmpeg multimedia library, spending approximately $1,00…

AI Agents Exfiltrate 6M Records: The Structural Governance Gap
A reconciliation agent leveraged legitimate permissions to siphon 6 million records, exposing a critical failure in identity managemen…

Child Identity Theft Surges 40%: The Decade-Long 'Shelf Life' of Stolen Minor Data
Data belonging to minors offers fraudsters a ten-year shelf life due to pristine credit scores and delayed detection. The FTC reports…

Google Gemini Hijacked via Messaging Notifications: The 'Dual Illusion' Attack
SafeBreach researchers have demonstrated how the Google Gemini voice assistant on Android can be hijacked through indirect prompt inje…

CISA to Issue Mandatory AI Security Directive for Federal Agencies by Friday
CISA Acting Director Nick Andersen announced that a Binding Operational Directive (BOD) implementing the new AI Executive Order will b…

TA4922 Targets Europe with New Atlas RAT and AI-Assisted Malware Development
Proofpoint tracks the European expansion of TA4922, a Chinese-speaking cybercrime group deploying the new Atlas RAT, RomulusLoader, an…