Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 ...
The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
SecurityWeek

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed ...

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
Dark Reading

SideWinder Espionage Campaign Expands Across Southeast Asia

The suspected India-linked threat group targets governments and critical infrastructure using spear-phishing, old flaws, and ...
InfoWorld

Open VSX extensions hijacked: GlassWorm malware spreads via dependency abuse

Threat actors are publishing clean extensions that later update to depend on hidden payload packages, bypassing marketplace ...

Shem Rock vs. Abdul-Kareem Al-Selwady prediction, odds, pick for UFC London

Movsar Evloev vs. Lerone Murphy continues on the prelims with a fight between Shem Rock and Abdul-Kareem Al-Selwady in the ...
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ Trivy maintainer says.
Global Investigative Journalism Network

Analyzing Job Posting Data to Investigate the African Labor Behind AGI Hype

This investigation was supported by the Pulitzer Center’s Artificial Intelligence Accountability Network  Investigative ...

AI Factories, Security Flaws, and Workforce Shifts Define This Week in Tech

Nvidia led a week of big AI moves, major security threats, app ecosystem changes, and tech industry shakeups across Apple, Google, Meta, Microsoft, and OpenAI.