The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
SecurityWeek

Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks

Anthropic launches Claude Mythos and Project Glasswing to strengthen cybersecurity—while experts warn the same tech could ...

Telnyx joins LiteLLM in latest PyPI package poisoning tied to Trivy breach

The cybercrime crew linked to the Trivy supply-chain attack has struck again, this time pushing malicious Telnyx package ...
The Hacker News

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Three LangChain flaws enable data theft across LLM apps, affecting millions of deployments, exposing secrets and files.
Dark Reading

Critical Flaw in Langflow AI Platform Under Attack

Threats actors pounced on the vulnerability within hours of its disclosure, demonstrating that organizations have little time ...
JD Supra

New iOS Exploit "DarkSword" and a New Era of Mobile Security

Advanced iOS exploits are scalable and actively circulating. A new report detailing "DarkSword" found its highly sophisticated mobile exploitation capabilities are being used across multiple threat ...
Infosecurity-magazine.com

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Threat actors have demonstrated just how quickly they operate today after exploiting a critical open source vulnerability within 20 hours, working only from the advisory description. The bug, CVE-2026 ...
GitHub

Python2 Simple CTF 46635.py

# Exploit Title: Unauthenticated SQL Injection on CMS Made Simple <= 2.2.9 parser.add_option('-u', '--url', action="store", dest="url", help="Base target uri (ex ...
TechSpot

Hackers are selling a critical Windows zero-day exploit for $220,000 on the dark web

The big picture: A cybercriminal is reportedly selling a Windows zero-day exploit on the dark web for $220,000. The vulnerability, which targets Windows Remote Desktop Services, could allow an ...