latesthackingnews.comOpinion

The ASLR Caveat on NGINX’s Critical HTTP/3 Flaw Changes Nothing About Urgency

CVE-2026-42530, the NGINX HTTP/3 vulnerability rated CVSS 9.2, is collecting dismissals because exploitation requires ASLR to ...
latesthackingnews.com

LiteLLM Vulnerability Chain: What Security Teams Running AI Gateways Need to Do Now

A three-CVE chain lets any default LiteLLM user escalate to admin and get a shell on the gateway server. A separate RCE is ...

Why AI agents could create a new control and security crisis

Abhinav: The technology is advancing quickly. One important development is the adoption of the Model Context Protocol (MCP) ...
Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
Redmondmag.com

Microsoft Introduces EWSAllowedAppIDs Ahead of Exchange Web Services Retirement

New control helps organizations manage application access as Microsoft continues phasing out Exchange Web Services.

macOS Golden Gate Beta 2 Now available for Developers

Apple today provided developers with the second beta of macOS Golden Gate, with the update coming two weeks after Apple ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
The Hacker News

⚡ Weekly Recap: Browser Bugs, EDR Killers, TV Botnet, OpenBSD Flaw, Android Trojan, and More

This week’s cybersecurity recap covers Firefox and Chrome bugs, EDR-killer tools, a TV botnet, an OpenBSD flaw, Android ...
SecurityWeek

F5 Patches Critical, High-Severity NGINX Vulnerabilities

F5 has patched multiple NGINX vulnerabilities, including critical flaws leading to unauthenticated, remote code execution.

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
Decrypt

Inception Labs' Mercury 2 AI Beats Google's DiffusionGemma at Its Own Game

Both models trade word-by-word generation for parallel denoising. Only one of them does it without losing intelligence in the ...