SecurityWeek

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Threat actors are exploiting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...
The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Microsoft details AutoJack exploit chain targeting AutoGen Studio MCP WebSocket in pre-release builds, enabling ...
SecurityWeek

Microsoft Teams Relay Servers Abused in DragonForce Ransomware Attack

DragonForce ransomware operators are using a new backdoor that relies on Microsoft Teams relay servers for C&C.
The Hacker News

The Top 10 Attack Surface Exposures in 2026

Intruder analyzed 3,000 attack surfaces and found 60% exposed HTTP panels, 49% risky ports, and 42% internet-facing databases ...
PCMag

I Traced My Leaked Email Address to the Dark Web. Here's How It Got There

After AI-powered scams overwhelmed my inbox, I investigated how my email address ended up on the dark web—and discovered the ...
Bleeping Computer

Microsoft links Mastra AI supply chain attack to North Korean hackers

Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. This attribution ...
The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.
WeLiveSecurity

EvilTokens: A phishing attack that doesn’t steal your password

A phishing kit subverting Microsoft’s legitimate authentication flow lets attackers break into accounts without stealing ...