The Hacker News

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.
BankInfoSecurity

Autonomous Agent Hacked McKinsey's AI in 2 Hours

Security startup CodeWall disclosed this week that its autonomous AI agent breached McKinsey's internal AI platform Lilli in ...
SecurityWeek

Ally WordPress Plugin Flaw Exposes Over 200,000 Websites to Attacks

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.
CSO Online

CISA warns of actively exploited Ivanti EPM and Cisco SD-WAN flaws

Patched vulnerabilities in Ivanti Endpoint Manager and Cisco Catalyst SD-WAN are under attack, according to the US security agency, which added reporting requirements to its previous Cisco directive.

Fortinet closes brute-force and command injection flaws in FortiWeb & Co.

Fortinet closes flaws in FortiWeb and FortiManager, allowing command injection, among other things. FortiGate firewalls were attacked.
New Jersey Herald

SafePrompt Launches Prompt Injection Protection API for AI Developers

Our goal was to make prompt security as simple as Stripe made payments: one API call, transparent pricing, no sales calls.” — Ian Ho, Founder, SafePrompt SAN ...