Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Security Boulevard

Hidden Risks Behind HTTP Request Smuggling

Web applications rely on multiple layers of infrastructure to process user requests efficiently. Load balancers, reverse proxies, caching servers, and application servers all work together to improve ...
Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise ...
Dark Reading

Content Delivery Exploit Opens Websites to Brand Hijacking

The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak ...
Bleeping Computer

Hackers exploit FortiClient EMS flaw to push infostealer malware

Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
Microsoft

Malicious npm packages abuse dependency confusion to profile developer environments

A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and ...
Forbes

Microsoft Windows Alert—Angry Hacker Drops 2 New Zero-Day Exploits

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. This voice experience is generated by AI. Learn more. This ...
Forbes

Microsoft Windows 11 Exploited 3 Times In 24 Hours By Zero-Day Hackers

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Windows 11 zero-day exploits surge at Pwn2Own hacking event. It has not been a great week ...
Hosted on MSN

Active exploits target major server platforms amid urgent patch calls

Critical flaws emerge: Severe vulnerabilities in Apache HTTP/2, SharePoint, cPanel, and iOS are confirmed, some with working exploits and active attacks. Patching urgency: Authorities urge immediate ...