Exposed AI Apps Turn Misconfiguration Into RCE Risk
Microsoft warns that publicly exposed AI apps, MCP servers, and Kubernetes-hosted agent tooling can turn weak defaults into practical paths for RCE, credential theft, and data exposure.
A fake OpenAI Privacy Filter repository on Hugging Face delivered Windows infostealer malware. Here is what SMB and gov-contractor defenders should take from it.
A critical GitHub advisory for @profullstack/mcp-server shows how unsafe AI tool endpoints can turn domain lookup functionality into unauthenticated remote code execution.
Microsoft disclosed Semantic Kernel vulnerabilities showing how prompt injection can cross into code execution when AI agents are connected to unsafe tools. Here is what defenders should review now.
A sophisticated supply chain attack has compromised LiteLLM, the widely-used Python library for interfacing with large language models, delivering multi-stage credential-stealing malware to systems downloading over 95 million packages per month. The attack, attributed to TeamPCP—the same threat group behind the recent Trivy supply chain compromises—targeted LiteLLM versions 1.82.7 and 1.82.8 on PyPI. According to…
A sophisticated new malware campaign dubbed “DeepLoad” has emerged targeting enterprise environments, combining ClickFix social engineering delivery with AI-generated obfuscation techniques that defeat traditional security controls. ReliaQuest researchers discovered the threat after observing it achieve persistent, credential-stealing access through a single user action. What Makes DeepLoad Different DeepLoad isn’t notable for any single technique—it’s the…
Palo Alto Networks’ Unit 42 has published new research examining how the rise of “agentic commerce” – AI agents that autonomously browse, shop, and transact on behalf of users – could be exploited by cybercriminals to conduct retail fraud at unprecedented scale. Read the full research from Unit 42. The Coming Wave of Agentic Commerce…
A critical vulnerability in Langflow, the popular open-source visual framework for building AI agents and RAG pipelines, was weaponized by threat actors within just 20 hours of public disclosure—before any proof-of-concept code was publicly available. The Vulnerability Tracked as CVE-2026-33017 (CVSS 9.3), the vulnerability is an unauthenticated remote code execution (RCE) flaw affecting the /api/v1/build_public_tmp/{flow_id}/flow…
A critical vulnerability in Langflow, the popular open-source AI workflow platform, has been actively exploited within just 20 hours of its public disclosure—before any proof-of-concept code was even available. The rapid weaponization highlights the shrinking window defenders have to patch critical flaws. The Vulnerability: CVE-2026-33017 Tracked as CVE-2026-33017 with a CVSS score of 9.3, the…
A groundbreaking research paper by Bruce Schneier and collaborators introduces the concept of “promptware”—a distinct class of malware targeting large language models (LLMs). Moving beyond the myopic focus on prompt injection, the researchers propose a structured seven-step kill chain that mirrors traditional cyberattack frameworks like those used to analyze Stuxnet and NotPetya. The Seven-Stage Promptware…