Vulnerabilities | News, how-tos, features, reviews, and videos
While the AI itself wasn’t weaponized, the technique raises concerns about AI agents with broad system access.
The scope of an old PDF parsing flaw has been widened to include more Tika modules.
Critical vulnerability in React library should be treated by IT as they did Log4j - as an emergency, warns one expert.
25 frontier proprietary and open-weight models yielded high attack success rates when prompted in verse, indicating deeper, underlying problems in their ability to process ambiguity veiled in poetry.
The tool for creating agents has vulnerabilities, say experts; Google says it will post known issues publicly as it works to address them.
The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers.
In our study, a novel SAST-LLM mashup slashed false positives by 91% compared to a widely used standalone SAST tool.
Flaws replicated from Meta’s Llama Stack to Nvidia TensorRT-LLM, vLLM, SGLang, and others, exposing enterprise AI stacks to systemic risk.
The flaws let attackers abuse masked paths, console bind-mounts, and redirected writes to escape containers and gain host privileges.
The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0.
Hole in the TAR library and its forks could lead to remote code execution.
The incident highlights rising AI risks as malicious actors exploit powerful tools amid weak safeguards and oversight.
The tool, created by university researchers, is designed to find and automatically create a patch for vulnerabilities in large repositories like GitHub, but it isn’t perfect yet.