Flowise Chatflow RCE
Flowise CVE-2026-40933 can turn a malicious chatflow import into server-side command execution.…
TrapDoor Hits npm, PyPI and Crates.io With AI Config Poisoning
TrapDoor spreads malicious packages through npm, PyPI and Crates.io, steals developer secrets,…
ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments…
Anthropic Mythos Helped Build a macOS M5 Kernel Exploit
Calif says researchers used Anthropic’s Mythos Preview to build a local macOS…
Fake Claude Code Ads Push MacSync Stealer on macOS
A Google Ads malvertising campaign used fake Claude Code install pages and…
Ollama CVE-2026-7482 Can Leak Prompts and API Keys
Cyera disclosed Bleeding Llama, an Ollama memory-leak flaw that can expose prompts,…
Fake OpenAI Hugging Face Repo: Infostealer Warning
HiddenLayer says a fake OpenAI-themed Hugging Face repository copied a privacy-filter model…
Fake Claude AI Site Pushes Beagle Windows Backdoor
A fake Claude AI download site is using a working-looking installer to…
Alleged WormGPT breach exposes 19,000 user records, researchers say
Details from users of WormGPT, an AI tool marketed for offensive use,…
LLM chatbots look smart in tests — but falter when real people seek medical advice
A randomized study published on February 9, 2026 in Nature Medicine throws…
AI-Generated Fake IDs Are Getting Real – How to Detect and Defend
Fraud teams have been passing around the same kind of screenshot lately:…
AI Chats Are Delivering AMOS Stealer Through Google Search Results
Here's a novel malware delivery vector that nobody saw coming. Attackers are…