https://ift.tt/IXHsZGq high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck.

The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations.

“The ‘POST /

via The Hacker News https://ift.tt/iUFNEy2

Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure.

The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It’s tracked as CVE-2026-25089 (CVSS score: 9.1).

“An

from The Hacker News https://ift.tt/X1vkFqN
https://ift.tt/tfax64j

https://ift.tt/dep9h10 June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers.

Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber

via The Hacker News https://ift.tt/CVIUsv7

https://ift.tt/NHdmCyz on Tuesday announced that it will use information shared by other businesses to personalize users’ feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads.

“Businesses often share information about people’s activity on their sites with us to make ads more relevant,” Meta said in a statement.

“We already use this data – like games you play

via The Hacker News https://ift.tt/U3VWBcp

https://ift.tt/G9FZAqi of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without human intervention and without touching a commercial AI service.

The preprint, posted to arXiv on

via The Hacker News https://ift.tt/SJ9ohEj

https://ift.tt/APlYska have more visibility than ever. Growing tech stacks provide greater coverage, and network security teams are increasingly adopting AI and automation to help with routine tasks and reduce manual effort.

But the same challenges persist. Outages still last hours, causing significant financial losses, operational disruption, and reputational impact. Threat response and mean time to

via The Hacker News https://ift.tt/QLCBMeR

https://ift.tt/5KLN7rO again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos. The ugly part: basic tricks still worked.

A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again. And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and

via The Hacker News https://ift.tt/2sfyYcR

https://ift.tt/fGv5ZUV has always been a numbers game. AI has turned it into a volume machine.

Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.

As the queue grows, a credential theft attempt or malware delivery can easily

via The Hacker News https://ift.tt/LiU8u4v

https://ift.tt/bsFXTmu researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry.

The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world,

via The Hacker News https://ift.tt/r0v9utq

https://ift.tt/CIgLBeq things landed within days of each other this week. A security startup reported 21 previously unknown vulnerabilities in FFmpeg, the media library inside almost everything that touches video, all of them found by an autonomous AI agent.

The same week, Google shipped Chrome 149 with patches for 429 security bugs, the most ever in a single release.

Only the FFmpeg bugs were found by AI.

via The Hacker News https://ift.tt/DTOWQam