The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
Tech Times

GitHub Copilot CLI Adds Pre-Commit Security Scanner: LLM Inference at the Detection Layer

GitHub Copilot security scanning arrives in the terminal with /security-review, an experimental pre-commit slash command that ...
techtimes

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

An unpatched SQL injection vulnerability in the Ghost content management system has been weaponized in an active, large-scale cyberattack that has compromised more than 700 websites worldwide — ...
Bleeping Computer

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...
CSOonline

Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is ...
IEEE

Feature Fusion-Based Detection of SQL Injection and XSS Attacks

Abstract: With the rapid development of the internet, network security issues are becoming increasingly severe. SQL injection attacks and XSS attacks are two common network attack methods that pose ...
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation ...
IEEE

DIAVA: A Traffic-Based Framework for Detection of SQL Injection Attacks and Vulnerability Analysis of Leaked Data

Abstract: SQL injection attack (SQLIA) is among the most common security threats to web-based services that are deployed on cloud. By exploiting web software vulnerabilities, SQL injection attackers ...
Cyber Defense Magazine

Prompt Injection and Model Poisoning: The New Plagues of AI Security

Direct prompt injection is the hacker’s equivalent of walking up to your AI and telling it to ignore everything it’s ever been told. It’s raw, immediate, and, in the wrong hands, devastating. The ...
Cyber Defense Magazine

Fake (Hallucinated) Remote Code Execution (RCEs) in LLM Applications

As agents become integrated with more advanced functionality, such as code generation, you will see more Remote Code Execution (RCE)/Command Injection vulnerabilities in LLM applications. However, ...
Dark Reading

'Earth Lamia' Exploits Known SQL, RCE Bugs Across Asia

A China-nexus threat actor behind the recent exploitation of SAP's NetWeaver software is expanding its campaign, taking advantage of unpatched, Internet-exposed servers deployed by organizations ...