7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Bleeping Computer

Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign

A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows. The campaign was ...
Bleeping Computer

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May ...
CSOonline

New image-based prompt injection attack targets multimodal AI models

Security researchers have developed a new image-based prompt injection attack that can manipulate how multimodal AI systems interpret user instructions without modifying the original text prompt, ...
CNN

Ukraine attack ‘largest in over a year’ on Moscow, Russian state media reports

At least three people were killed near Moscow after Ukraine targeted Russia with more than 500 drones overnight, Russian state news agency TASS reported Sunday, citing local and military officials.
Times Union

Missouri man charged after bomb-making tutorials were allegedly used in New Orleans attack

Federal prosecutors charged a Missouri man on Tuesday with allegedly sharing instructional bomb-making videos on social media, which were eventually used by the man who killed 14 people and injured ...