CISA: New Langflow flaw actively exploited to hijack AI workflows

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical ...
The Hacker News

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Valentić told The Hacker News that the use of fake progress indicators mimicking legitimate installation progress and the ...
Security Boulevard

CanisterWorm: The Self-Spreading npm Attack That Uses a Decentralized Server to Stay Alive

UTC, Aikido Security detected an unusual pattern across the npm registry: dozens of packages from multiple organizations were ...
CSO Online

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package ...

Scispot Launches MCP Server to Bring Governed AI Actions to Live Lab Workflows

Scispot, the AI-native lab operating system for modern life science teams, today announced the availability of the Scispot MCP Server, a Model Context Protocol server that lets AI assistants securely ...
The Hacker News

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

CVE-2025-32975 exploited since March 2026 on unpatched KACE SMA systems, enabling admin takeover and payload delivery.
Infosecurity Magazine

EtherRAT Techniques Bypass Security Via Ethereum Smart Contracts

A new EtherRAT malware campaign using Ethereum smart contracts to hide command-and-control (C2) infrastructure has been ...
Dark Reading

Interlock Ransomware Targets Cisco Enterprise Firewalls

The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before ...
Dark Reading

How AI Coding Tools Crushed the Endpoint Security Fortress

Security vendors have spent years building up defenses around the endpoint, but one researcher says AI coding tools have ...

The agentic workforce is here: Why Cisco just put a ‘Claw’ on AI security

At RSAC 2026, there has been a definite change in topic as the world has been shifting from conversational AI to agentic AI. The world is moving from AI that answers questions to AI that takes actions ...