Groundy — Security

Groundy — SecurityWhere AI infrastructure inherits the unpatched assumptions of the web stack beneath it, and trust boundaries collapse faster than disclosure timelines can keep up.https://groundy.com/OpenAI's New Safety Bug Bounty Pays Researchers for Jailbreaks and Policy Bypasseshttps://groundy.com/articles/openais-new-safety-bug-bounty-pays-researchers-for-jailbreaks-and-policy/https://groundy.com/articles/openais-new-safety-bug-bounty-pays-researchers-for-jailbreaks-and-policy/OpenAI's safety bounties create a vendor-controlled disclosure market where NDAs silence participants, payouts trail serious red-team costs, and open publication has no lane.Wed, 27 May 2026 00:00:00 GMTGroundy Editorial2026-05-27T00:00:00.000Zbug-bountyjailbreakprompt-injectionai-safetyopenaired-teamingresponsible-disclosureGroundy EditorialAxios npm Compromise Forces Vercel Into Platform-Level Remediationhttps://groundy.com/articles/axios-npm-compromise-forces-vercel-into-platform-level-remediation/https://groundy.com/articles/axios-npm-compromise-forces-vercel-into-platform-level-remediation/When compromised axios npm versions carried a North Korean RAT, Vercel blocked C2 egress at the deploy layer because the npm registry did not verify OIDC provenance.Wed, 27 May 2026 00:00:00 GMTGroundy Editorial2026-05-27T00:00:00.000Znpm-supply-chainaxiosvercelsapphire-sleetoidc-provenancepackage-securityGroundy EditorialNext.js Dev Server CVE-2025-48068: Any Web Page Could Read Your Source Fileshttps://groundy.com/articles/next-js-dev-server-cve-2025-48068-any-web-page-could-read-your-source-files/https://groundy.com/articles/next-js-dev-server-cve-2025-48068-any-web-page-could-read-your-source-files/CVE-2025-48068 lets any webpage read source files from a running Next.js dev server via cross-origin script inclusion, exposing secrets loaded in .env files.Wed, 27 May 2026 00:00:00 GMTGroundy Editorial2026-05-27T00:00:00.000Znextjscvecross-origindev-serverfrontend-securitylocalhostGroundy EditorialMCP Tool Description Poisoning: New Benchmark Shows Agents Trust Manuals That Liehttps://groundy.com/articles/mcp-tool-description-poisoning-new-benchmark-shows-agents-trust-manuals-that-lie/https://groundy.com/articles/mcp-tool-description-poisoning-new-benchmark-shows-agents-trust-manuals-that-lie/A new MCP benchmark shows GPT-4o susceptible to nearly 100% of attacks where a tool's description lies about its purpose, a gap runtimes and scanners cannot detect.Wed, 27 May 2026 00:00:00 GMTGroundy Editorial2026-05-28T00:00:00.000Zmcptool-description-poisoningagent-securityllm-benchmarkprompt-injectiongpt-4oGroundy EditorialOpenAI Adds a GPT-5 System Card Addendum on Sensitive Conversationshttps://groundy.com/articles/openai-adds-a-gpt-5-system-card-addendum-on-sensitive-conversations/https://groundy.com/articles/openai-adds-a-gpt-5-system-card-addendum-on-sensitive-conversations/OpenAI's GPT-5 addendum adds mental health evals and reports large safety gains between builds, but a buried extremism regression and scattered docs complicate compliance.Wed, 27 May 2026 00:00:00 GMTGroundy Editorial2026-05-28T00:00:00.000Zgpt-5system-cardsai-safetycompliancemental-healthopenaiGroundy EditorialVercel Could Block React2Shell at the Edge. Its Next 13 CVEs Had No Shortcut.https://groundy.com/articles/vercel-could-block-react2shell-at-the-edge-its-next-13-cves-had-no-shortcut/https://groundy.com/articles/vercel-could-block-react2shell-at-the-edge-its-next-13-cves-had-no-shortcut/Vercel shielded hosted React apps from React2Shell at the platform layer. Its May 2026 batch of 13 advisories, none fixable by WAF, proves that edge was the exception.Wed, 27 May 2026 00:00:00 GMTGroundy Editorial2026-05-28T00:00:00.000Zreact-server-componentsreact2shellvercelsecurity-vulnerabilityself-hostingrcecveGroundy EditorialApple Names Claude in CVE Credit Line, Setting Vendor Attribution Precedenthttps://groundy.com/articles/apple-names-claude-in-cve-credit-line-setting-vendor-attribution-precedent/https://groundy.com/articles/apple-names-claude-in-cve-credit-line-setting-vendor-attribution-precedent/Apple named Claude in a macOS Tahoe 26.5 CVE credit, the first major vendor to credit an LLM in a security advisory, forcing a decision on AI attribution across the industry.Tue, 26 May 2026 00:00:00 GMTGroundy Editorial2026-05-26T00:00:00.000Zcve-attributionai-security-researchapple-securitybug-bountyvulnerability-disclosureclaudeGroundy EditorialCISA's Internal Data Leak Tests the Disclosure Standards It Sets for Othershttps://groundy.com/articles/cisas-internal-data-leak-tests-the-disclosure-standards-it-sets-for-others/https://groundy.com/articles/cisas-internal-data-leak-tests-the-disclosure-standards-it-sets-for-others/CISA exposed cloud credentials on GitHub for months while preparing to mandate 72-hour breach reporting under CIRCIA, undermining its enforcement credibility.Mon, 25 May 2026 00:00:00 GMTGroundy Editorial2026-05-26T00:00:00.000Zcisacirciabreach-disclosurecredential-leakcybersecurity-policyincident-responseGroundy EditorialTanStack npm Attack: When OIDC Trusted Publishing Becomes the Attack Vectorhttps://groundy.com/articles/tanstack-npm-attack-when-oidc-trusted-publishing-becomes-the-attack-vector/https://groundy.com/articles/tanstack-npm-attack-when-oidc-trusted-publishing-becomes-the-attack-vector/The TanStack npm attack published 84 malicious packages without a leaked token, exploiting OIDC trusted publishing so the CI workflow itself became the credential.Mon, 25 May 2026 00:00:00 GMTGroundy Editorial2026-05-26T00:00:00.000Zsupply-chainoidcnpmgithub-actionstrusted-publishingsecurityGroundy EditorialNx s1ngularity Attackers Used Local Claude Code and Gemini CLI to Steal Developer Tokenshttps://groundy.com/articles/nx-s1ngularity-attackers-used-local-claude-code-and-gemini-cli-to-steal/https://groundy.com/articles/nx-s1ngularity-attackers-used-local-claude-code-and-gemini-cli-to-steal/The s1ngularity attack used AI coding agents on developer machines to steal credentials from over 1,000 accounts, exposing a gap that npm scanning alone cannot close.Mon, 25 May 2026 00:00:00 GMTGroundy Editorial2026-05-26T00:00:00.000Zsupply-chain-securityai-coding-agentsnpm-securitycredential-harvestingdeveloper-toolss1ngularity-attackGroundy EditorialOpenAI Ships Lockdown Mode and Elevated Risk Labels for ChatGPT Sessionshttps://groundy.com/articles/openai-ships-lockdown-mode-and-elevated-risk-labels-for-chatgpt-sessions/https://groundy.com/articles/openai-ships-lockdown-mode-and-elevated-risk-labels-for-chatgpt-sessions/OpenAI's Lockdown Mode kills ChatGPT network exfiltration paths at the infrastructure layer, conceding that model-level filtering cannot stop prompt injection.Sun, 24 May 2026 00:00:00 GMTGroundy Editorial2026-05-24T00:00:00.000Zprompt-injectionchatgpt-securitylockdown-modeai-safetydata-exfiltrationenterprise-aiGroundy EditorialAI Jailbreaks Are Now a Reasoning Problem, Not a Prompt Problemhttps://groundy.com/articles/metis-reframes-jailbreak-as-self-evolving-metacognitive-policy-optimization-not/https://groundy.com/articles/metis-reframes-jailbreak-as-self-evolving-metacognitive-policy-optimization-not/Metis rewrites its own jailbreak strategy mid-attack using causal diagnosis of refusals, hitting 76-78% ASR on O1 and GPT-5-chat. Static safety benchmarks now report a lower.Sat, 23 May 2026 00:00:00 GMTGroundy Editorial2026-05-24T00:00:00.000Zllm-jailbreakllm-securityred-teamingsafety-evaluationadaptive-attackpolicy-optimizationGroundy EditorialJailbreak Defense Now Lives in Model Weights, Not in Prompt Filtershttps://groundy.com/articles/reflector-moves-jailbreak-defense-into-model-weights-via-step-wise-self/https://groundy.com/articles/reflector-moves-jailbreak-defense-into-model-weights-via-step-wise-self/REFLECTOR internalizes jailbreak defense in model weights via per-step reflection, hitting 90%+ DSR but tying protection to base-model size and penalizing smaller deployments.Sat, 23 May 2026 00:00:00 GMTGroundy Editorial2026-05-24T00:00:00.000Zllm-securityjailbreak-defensemodel-alignmentself-reflectionguardrail-architectureicml-2026Groundy EditorialVercel Blocks Deploys With Vulnerable next-mdx-remote by Default: Platform Mitigation Outpaces the CVE Cyclehttps://groundy.com/articles/vercel-blocks-deploys-with-vulnerable-next-mdx-remote-by-default-platform/https://groundy.com/articles/vercel-blocks-deploys-with-vulnerable-next-mdx-remote-by-default-platform/Vercel blocks deploys with vulnerable next-mdx-remote at build time, cutting CVE mitigation from weeks to hours while claiming unilateral control over dependency versions.Sat, 23 May 2026 00:00:00 GMTGroundy Editorial2026-05-24T00:00:00.000Zvercelsupply-chain-securitynext-mdx-remotecve-2026-0969dependency-managementpaasGroundy EditorialVercel's Next.js Middleware Bypass Postmortem: What the Fix Reveals About Edge Runtime Authhttps://groundy.com/articles/vercels-next-js-middleware-bypass-postmortem-what-the-fix-reveals-about-edge/https://groundy.com/articles/vercels-next-js-middleware-bypass-postmortem-what-the-fix-reveals-about-edge/Two separate Next.js production failures, a header bypass CVE and an Edge Runtime mismatch, show middleware is not a reliable sole auth layer for self-hosted deployments.Sat, 23 May 2026 00:00:00 GMTGroundy Editorial2026-05-23T00:00:00.000Znextjsmiddlewareedge-runtimecve-2025-29927authorizationself-hostingweb-securityGroundy EditorialOpenAI's New Agent Defense Post Concedes Prompt Injection Is Architectural, Not Patchablehttps://groundy.com/articles/openais-new-agent-defense-post-concedes-prompt-injection-is-architectural-not/https://groundy.com/articles/openais-new-agent-defense-post-concedes-prompt-injection-is-architectural-not/OpenAI's March 2026 guide concedes prompt injection is a permanent architectural constraint, forcing expensive containment for any agent that reads untrusted data.Sat, 23 May 2026 00:00:00 GMTGroundy Editorial2026-05-23T00:00:00.000Zprompt-injectionai-agentsai-securitydefense-in-depthopenaillm-securityGroundy EditorialWhen Stronger Backdoor Triggers Backfire: An arXiv Theory Paper Inverts a Core Defense Assumptionhttps://groundy.com/articles/when-stronger-backdoor-triggers-backfire-an-arxiv-theory-paper-inverts-a-core/https://groundy.com/articles/when-stronger-backdoor-triggers-backfire-an-arxiv-theory-paper-inverts-a-core/A May 2026 arXiv paper proves backdoor attack success peaks at intermediate trigger strength then declines. Detectors built for strong triggers miss the attacks near the peak.Sat, 23 May 2026 00:00:00 GMTGroundy Editorial2026-05-23T00:00:00.000Zbackdoor-attacksadversarial-mlmodel-securitybackdoor-detectiontrigger-strengthml-safetyGroundy EditorialDPrivBench: LLMs Score 99.5% on Textbook DP but Collapse on Advanced Reasoninghttps://groundy.com/articles/dprivbench-llms-score-99-5-on-textbook-dp-but-collapse-on-advanced-reasoning/https://groundy.com/articles/dprivbench-llms-score-99-5-on-textbook-dp-but-collapse-on-advanced-reasoning/DPrivBench tests 11 LLMs on 713 differential-privacy instances. GPT-5-High hits 0.995 on textbook checks, but the best model reaches only F1 0.829 on advanced DP, and fails.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-19T00:00:00.000Zdifferential-privacyllm-benchmarksai-securityprivacy-auditingmachine-learningGroundy EditorialCatching Graph Neural Net Backdoors by Influence, Not Patternhttps://groundy.com/articles/praetorian-cuts-gnn-backdoor-success-to-0-55-by-measuring-trigger-subgraph/https://groundy.com/articles/praetorian-cuts-gnn-backdoor-success-to-0-55-by-measuring-trigger-subgraph/PRAETORIAN cuts GNN backdoor attack success to 0.55% by measuring structural influence instead of trigger patterns, forcing adaptive attackers into a stealth-vs-effectiveness.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Zgraph-neural-networksbackdoor-defensemachine-learning-securityadversarial-mlgnngraph-learningGroundy EditorialTrustFall: One Keypress in Claude Code, Gemini CLI, Cursor, and Copilot CLI Triggers Unsandboxed RCEhttps://groundy.com/articles/trustfall-one-keypress-in-claude-code-gemini-cli-cursor-and-copilot-cli/https://groundy.com/articles/trustfall-one-keypress-in-claude-code-gemini-cli-cursor-and-copilot-cli/A committed.claude/settings.json bypassed Claude Code's workspace trust dialog (CVE-2026-33068, CVSS 7.7), granting bypassPermissions silently. Fixed in v2.1.53.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Zclaude-codeworkspace-trustmcp-securitypermission-bypassci-securitytrustfallcve-2026-33068Groundy EditorialMini Shai-Hulud Ships the First Malicious npm With Valid SLSA Provenancehttps://groundy.com/articles/mini-shai-hulud-ships-the-first-malicious-npm-with-valid-slsa-provenance/https://groundy.com/articles/mini-shai-hulud-ships-the-first-malicious-npm-with-valid-slsa-provenance/TeamPCP compromised TanStack's CI to publish 84 malicious npm packages with valid SLSA Build Level 3 provenance, proving that cryptographic attestation cannot protect a.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Zsupply-chainnpmslsa-provenanceoidcci-cdgithub-actionstanstackGroundy EditorialMultiBreak Benchmark: 10,389 Multi-Turn Jailbreak Prompts Raise ASR 54pp on DeepSeek-R1-7Bhttps://groundy.com/articles/multibreak-benchmark-10-389-multi-turn-jailbreak-prompts-raise-asr-54pp/https://groundy.com/articles/multibreak-benchmark-10-389-multi-turn-jailbreak-prompts-raise-asr-54pp/MultiBreak's multi-turn benchmark lifts attack success 54 percentage points on DeepSeek-R1-7B, showing single-turn refusal rates understate real conversational risk.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Zsecurityllm-safetyjailbreakadversarial-mldeepseekai-alignmentbenchmarkGroundy EditorialNext.js CVE-2026-44578: WebSocket Upgrade SSRF Hits 79,000 Self-Hosted Instances From 13.4.13 Onwardhttps://groundy.com/articles/next-js-cve-2026-44578-websocket-upgrade-ssrf-hits-79-000-self-hosted-instances/https://groundy.com/articles/next-js-cve-2026-44578-websocket-upgrade-ssrf-hits-79-000-self-hosted-instances/Next.js 15.5.16 and 16.2.5 patch an unauthenticated WebSocket upgrade SSRF. A single absolute-form URL request proxies internal traffic, exposing 79,000 self-hosted instances.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Znext-jsssrfwebsocketcveself-hostedvulnerabilitypatch-managementGroundy EditorialPraisonAI CVE-2026-44338: Legacy Flask API Ships With AUTH_ENABLED=False, First Scan in 3h44mhttps://groundy.com/articles/praisonai-cve-2026-44338-legacy-flask-api-ships-with-auth-enabled-false-first/https://groundy.com/articles/praisonai-cve-2026-44338-legacy-flask-api-ships-with-auth-enabled-false-first/PraisonAI hard-coded AUTH_ENABLED=False in its legacy Flask server across 2.5.6–4.6.33. CVE-Detector/1.0 probed the open /agents endpoint 3h44m after the May 11 advisory.Mon, 18 May 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Zpraisonaiauthentication-bypasscve-2026-44338ai-agent-securityrapid-exploitationflaskvulnerability-disclosureGroundy EditorialMicrosoft Semantic Kernel Patches Two RCE Paths: eval() in Vector Filter, DownloadFileAsync Escape to Hosthttps://groundy.com/articles/microsoft-semantic-kernel-patches-two-rce-paths-eval-in-vector-filter/https://groundy.com/articles/microsoft-semantic-kernel-patches-two-rce-paths-eval-in-vector-filter/Microsoft discloses two CVSS 9.9 Semantic Kernel RCE bugs from tool-design flaws. Trust boundary is each annotated tool method, and all agent frameworks need auditing.Sun, 17 May 2026 00:00:00 GMTGroundy Editorial2026-05-17T00:00:00.000Zsemantic-kernelprompt-injectionrceagent-securitytrust-boundarycveGroundy EditorialWindsurf CVE-2026-30615 Is the Only Zero-Click in the April MCP RCE Wave: HTML Rewrites the Confighttps://groundy.com/articles/windsurf-cve-2026-30615-is-the-only-zero-click-in-the-april-mcp-rce-wave-html/https://groundy.com/articles/windsurf-cve-2026-30615-is-the-only-zero-click-in-the-april-mcp-rce-wave-html/CISA-ADP scored CVE-2026-30615 CVSS 8.0 HIGH, making Windsurf the sole zero-click IDE in the April MCP RCE wave: attacker HTML silently rewrites mcp.json with no user.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zmcp-securitycve-2026-30615windsurfremote-code-executionai-ide-securityprompt-injectionzero-clickGroundy EditorialPaperclip CVE-2026-41208: Agents Can Mutate Their Own provisionCommand Into Server-Side Shell Injectionhttps://groundy.com/articles/paperclip-cve-2026-41208-agents-can-mutate-their-own-provisioncommand/https://groundy.com/articles/paperclip-cve-2026-41208-agents-can-mutate-their-own-provisioncommand/Any valid Paperclip Agent API key lets a holder overwrite provisionCommand so the server executes arbitrary shell commands during workspace provisioning without admin access.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zsecuritypaperclipcve-2026-41208agent-orchestrationshell-injectiontrust-boundaryapi-securityGroundy EditorialSpring AI 1.0.6 Patches Five CVEs Including CVSS 8.8 SQL Injection in CosmosDBVectorStore.doDeletehttps://groundy.com/articles/spring-ai-1-0-6-patches-five-cves-including-cvss-8-8-sql-injection/https://groundy.com/articles/spring-ai-1-0-6-patches-five-cves-including-cvss-8-8-sql-injection/Spring AI 1.0.6 patches five CVEs including SQL injection and filter-expression escapes across 14+ vector stores, proving that RAG retrieval layers are not sanitized database.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zspring-aicvesql-injectionrag-securityvector-storefilter-expressionpatch-releaseGroundy EditorialLMDeploy CVE-2026-33626: Vision-LLM SSRF Exploited Within 12 Hours of GHSA (see also SSRF exploited) Publicationhttps://groundy.com/articles/lmdeploy-cve-2026-33626-vision-llm-ssrf-exploited-within-12-hours-of-ghsa/https://groundy.com/articles/lmdeploy-cve-2026-33626-vision-llm-ssrf-exploited-within-12-hours-of-ghsa/CVE-2026-33626 in LMDeploy's vision endpoint was exploited 12.5 hours after GHSA disclosure, with attackers targeting AWS IMDS and Redis via the image-fetch SSRF path.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zssrflmdeployvision-llmcloud-securityinference-securitycve-2026-33626aws-imdsGroundy EditorialVercel's April 2026 Database Leak Pivoted From Lumma Stealer at Context AI via a Chrome Extensionhttps://groundy.com/articles/vercels-april-2026-database-leak-pivoted-from-lumma-stealer-at-context-ai-via/https://groundy.com/articles/vercels-april-2026-database-leak-pivoted-from-lumma-stealer-at-context-ai-via/Vercel's April 2026 breach began with Lumma Stealer at Context AI and pivoted through a Chrome extension OAuth token. Browser extensions are an unaudited supply-chain vector.Tue, 28 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zvercel-breachsupply-chain-attackchrome-extensionoauth-securitylumma-stealerbrowser-securityGroundy EditorialInstructLab CVE-2026-6859: Hardcoded trust_remote_code=True Turns Any HuggingFace Model Into RCEhttps://groundy.com/articles/instructlab-cve-2026-6859-hardcoded-trust-remote-code-true-turns-any/https://groundy.com/articles/instructlab-cve-2026-6859-hardcoded-trust-remote-code-true-turns-any/InstructLab CVE-2026-6859 hardcodes trust_remote_code=True in transformers, enabling RCE from any HuggingFace repo. Existing supply-chain scanners cannot detect this vector.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zsecurityinstructlabcve-2026-6859supply-chainhuggingfacetrust-remote-coderceGroundy EditorialPickleScan 1.0.4 Patches a CVSS 10.0 pkgutil.resolve_name Bypass and Six Missing Stdlib RCE Moduleshttps://groundy.com/articles/picklescan-1-0-4-patches-a-cvss-10-0-pkgutil-resolve-name-bypass-and-six/https://groundy.com/articles/picklescan-1-0-4-patches-a-cvss-10-0-pkgutil-resolve-name-bypass-and-six/PickleScan 1.0.4 patched three critical bypasses, but the fixes expose a deeper flaw: denylist scanning cannot keep pickle safe. The structural fix is safetensors migration.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zsecuritypicklescansafetensorshugging-facepythonmachine-learningcveGroundy EditorialMercor's 4TB Lapsus$ Breach Hands Voice-Clone Attackers 40,000 Pre-Verified Targetshttps://groundy.com/articles/mercors-4tb-lapsus-breach-hands-voice-clone-attackers-40-000-pre-verified/https://groundy.com/articles/mercors-4tb-lapsus-breach-hands-voice-clone-attackers-40-000-pre-verified/Mercor's LiteLLM breach exposed interviews with IDs and 2-5 minute voice samples, collapsing the cost of voice-clone phishing by pairing clean audio with verified identities.Wed, 29 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zsecurityvoice-cloningsupply-chainbiometric-privacyphishinglitellmGroundy EditorialBitwarden CLI Compromise Extends the Checkmarx Supply-Chain Campaign to Credential Toolinghttps://groundy.com/articles/bitwarden-cli-compromise-extends-the-checkmarx-supply-chain-campaign/https://groundy.com/articles/bitwarden-cli-compromise-extends-the-checkmarx-supply-chain-campaign/A trojanized @bitwarden/cli release spent 93 minutes on npm April 22. The Checkmarx-themed payload harvested credentials via preinstall hook, exposing vault session tokens.Tue, 28 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-29T00:00:00.000Zsupply-chainbitwardennpm-malwarecredential-theftdeveloper-securityci-cdcheckmarxGroundy EditorialFlowise's CVE-2026-41264: LLM-Written `import` Becomes Unauthenticated RCEhttps://groundy.com/articles/flowises-cve-2026-41264-turns-an-llm-written-import-statement-into/https://groundy.com/articles/flowises-cve-2026-41264-turns-an-llm-written-import-statement-into/CVE-2026-41264 (CVSS 9.8) shows how Flowise's CSV Agent regex allowlist fails when the LLM writes the code: aliasing os as pandas bypasses the filter for unauthenticated RCE.Fri, 24 Apr 2026 00:00:00 GMTGroundy Editorial2026-05-26T00:00:00.000Zprompt-injectionagent-securityrceflowisellm-code-executionsandbox-bypassGroundy EditorialCitizen Lab's 'Bad Connection' Names Three Telecom Entry Points, Shows Diameter Silently Falls Back to SS7https://groundy.com/articles/citizen-labs-bad-connection-report-names-three-telecom-entry-points-including/https://groundy.com/articles/citizen-labs-bad-connection-report-names-three-telecom-entry-points-including/Citizen Lab names 019Mobile and two carriers as surveillance transit points and shows roaming-forced SS7 fallback undermines Diameter protections even on upgraded networks.Fri, 24 Apr 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Ztelecom-securityss7-diametersurveillanceroaming-securitygt-leasingsignaling-firewallcitizen-labGroundy EditorialSGLang's CVE-2026-5760 Turns a GGUF Download Into RCE, Shifting the Trust Boundary to Hugging Facehttps://groundy.com/articles/sglangs-cve-2026-5760-turns-a-gguf-download-into-rce-and-shifts-the-trust/https://groundy.com/articles/sglangs-cve-2026-5760-turns-a-gguf-download-into-rce-and-shifts-the-trust/CVE-2026-5760 lets poisoned GGUF files trigger Jinja2 SSTI through SGLang's unsandboxed template rendering, forcing teams to treat hub downloads as executable code.Thu, 23 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-24T00:00:00.000Zsglangcve-2026-5760jinja2-sstigguf-securitymodel-hub-trustinference-securityremote-code-executionGroundy EditorialMarch-April MCP CVEs Expose the Local-Host Trust Model in AI Agent Frameworkshttps://groundy.com/articles/marchapril-mcp-cves-expose-the-local-host-trust-model-in-ai-agent-frameworks/https://groundy.com/articles/marchapril-mcp-cves-expose-the-local-host-trust-model-in-ai-agent-frameworks/Three CVEs scoring up to 9.8 reveal a structural flaw: MCP's local-host trust model lacks authentication primitives for networked multi-tenant deployments.Thu, 23 Apr 2026 00:00:00 GMTGroundy Editorial2026-04-24T00:00:00.000Zmcp-securitycveauthenticationai-agentsprotocol-designvulnerabilitysupply-chainGroundy EditorialHow Researchers Hacked McKinsey's AI Platform: What It Revealshttps://groundy.com/articles/mckinsey-ai-platform-hacked/https://groundy.com/articles/mckinsey-ai-platform-hacked/CodeWall's autonomous agent breached McKinsey's Lilli platform in two hours via SQL injection, exposing 46.5M messages and writable system prompts through a decades-old vulnerability.Fri, 13 Mar 2026 00:00:00 GMTGroundy Editorial2026-05-24T00:00:00.000Zsecurityenterprise-aivulnerabilitysql-injectionai-securityGroundy EditorialThe Mysterious Case of Chinese Bot Traffic in 2026: How AI-Powered Bots Are Rewriting the Rules of Detectionhttps://groundy.com/articles/mysterious-chinese-bot-traffic-2026/https://groundy.com/articles/mysterious-chinese-bot-traffic-2026/Chinese bot traffic patterns have shifted dramatically in 2026, with AI-driven bots now accounting for 80% of AI bot activity and record-breaking 31.4 Tbps DDoS attacks. These new behaviors evade traditional detection through residential proxy networks, behavioral mimicry, and sophisticated infrastructure.Fri, 20 Feb 2026 00:00:00 GMTGroundy Editorial2026-05-18T00:00:00.000Zsecuritybotstraffic-analysischinaGroundy Editorial