SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching ...

CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...

Meta's new structured prompting technique makes LLMs significantly better at code review — boosting accuracy to 93% in some cases

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
Security Boulevard

Anthropic Claude Code Leak

IntroductionOn March 31, 2026, Anthropic accidentally exposed the full source code of Claude Code (its flagship ...
Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability ...
Dark Reading

Critical Flaw in Langflow AI Platform Under Attack

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

It is exactly this backdoor that had Google conclude this was a North Korea-sponsored campaign. GTIG said WAVESHAPER.V2 is an ...
Hackaday

This Week In Security: Second Verse, Worse Than The First

Isn’t there some claim events come in threes? After the extremely rare leak of the iOS Coruna exploit chain recently, now we have details from Google on a second significant exploit in the ...
Security Boulevard

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude ...