The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

7-Zip: Update closes code smuggling vulnerability

The popular compression program 7-Zip contains a vulnerability that allows the injection of malicious code. An update is ...

Oracle issues out-of-band warning about critical PeopleSoft code injection flaw

Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside of its usual schedule.
The Hacker News

Langflow Vulnerability CVE-2026-5027 Exploited for Unauthenticated RCE

CVE-2026-5027 lets attackers abuse Langflow path traversal, exposing 7,000 AI app instances to file-write attacks.
CIO

Enterprises know AI-generated code is vulnerable; they’re shipping it anyway

As AI systems discover and exploit flaws at unprecedented speed, organizations are still deploying software they know ...
CSOonline

Gen AI is transforming vulnerability hunting for pen-testers and attackers alike

Large language models (LLMs) are proving to be valuable tools for discovering zero-days, bypassing detection, and writing exploit code, thereby lowering the barrier to entry for penetration testers — ...
TechSpot

Microsoft's June Patch Tuesday fixes a record 200 vulnerabilities, including five being ...

In a nutshell: On the second Tuesday of every month, Microsoft addresses the overall security of its many software products. The Patch Tuesday tradition has continued for more than 20 years, but the ...