IEEE

CID4IoT: IoT-Oriented Command Injection Vulnerability Detection Based on Critical Code Extraction and LLM Analysis

Abstract: The Internet of Things (IoT) devices have brought invaluable convenience to our daily lives. However, they also introduce significant security challenges. Common vulnerabilities in numerous ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
techtimes

AI Agent Security Hits Its Reckoning: Prompt Injection May Be a Permanent Flaw, Not a Patchable Bug

Prompt injection is the technique of smuggling instructions to an AI agent through content the agent reads — a document, a calendar invite, a web page, a code comment — so that hostile text carries ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
IEEE

A diligent survey of SQL injection attacks, detection and evaluation of mitigation techniques

Abstract: Today cyber security is a vast and most influenceable part of system security. This research provides detailed study of Sql injection and its various types. Research also focuses on ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
Ars Technica

Fed up with vibe coders, dev sneaks data-nuking prompt injection into their code

The controversy over vibe coding reached a new high this week after a developer added hidden instructions to his open source Java testing app to sabotage projects performed by AI coding agents. The ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...