security
more in this beat
- may 17 security TrustFall: One Keypress in Claude Code, Gemini CLI, Cursor, and Copilot CLI Triggers Unsandboxed RCE
- may 17 security Mini Shai-Hulud Ships the First Malicious npm With Valid SLSA Provenance
- may 17 security MultiBreak Benchmark: 10,389 Multi-Turn Jailbreak Prompts Raise ASR 54pp on DeepSeek-R1-7B
- may 17 security Next.js CVE-2026-44578: WebSocket Upgrade SSRF Hits 79,000 Self-Hosted Instances From 13.4.13 Onward
- may 17 security PraisonAI CVE-2026-44338: Legacy Flask API Ships With AUTH_ENABLED=False, First Scan in 3h44m
- may 16 security Microsoft Semantic Kernel Patches Two RCE Paths: eval() in Vector Filter, DownloadFileAsync Escape to Host
- apr 28 security Windsurf CVE-2026-30615 Is the Only Zero-Click in the April MCP RCE Wave: HTML Rewrites the Config
- apr 28 security Paperclip CVE-2026-41208: Agents Can Mutate Their Own provisionCommand Into Server-Side Shell Injection
- apr 28 security Spring AI 1.0.6 Patches Five CVEs Including CVSS 8.8 SQL Injection in CosmosDBVectorStore.doDelete
- apr 28 security LMDeploy CVE-2026-33626: Vision-LLM SSRF Exploited Within 12 Hours of GHSA Publication
- apr 28 security InstructLab CVE-2026-6859: Hardcoded trust_remote_code=True Turns Any HuggingFace Model Into RCE
- apr 28 security PickleScan 1.0.4 Patches a CVSS 10.0 pkgutil.resolve_name Bypass and Six Missing Stdlib RCE Modules
- apr 28 security Mercor's 4TB Lapsus$ Breach Hands Voice-Clone Attackers 40,000 Pre-Verified Targets
- apr 27 security Vercel's April 2026 Database Leak Pivoted From Lumma Stealer at Context AI via a Chrome Extension
- apr 27 security Bitwarden CLI Compromise Extends the Checkmarx Supply-Chain Campaign to Credential Tooling
- apr 23 security Flowise's CVE-2026-41264: LLM-Written `import` Becomes Unauthenticated RCE
- apr 23 security Citizen Lab's 'Bad Connection' Names Three Telecom Entry Points, Shows Diameter Silently Falls Back to SS7
- apr 22 security SGLang's CVE-2026-5760 Turns a GGUF Download Into RCE, Shifting the Trust Boundary to Hugging Face
- apr 22 security March-April MCP CVEs Expose the Local-Host Trust Model in AI Agent Frameworks
- mar 12 security How Researchers Hacked McKinsey's AI Platform: What It Reveals
- feb 19 security The Mysterious Case of Chinese Bot Traffic in 2026: How AI-Powered Bots Are Rewriting the Rules of Detection