Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence AI coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted usi

The threat landscape has evolved significantly since the inception of managed detection and response (MDR) services. As attackers have become more sophisticated, incorporating AI into their tactics, defenders have also turned to AI to stay ahead. This arms race is forcing security teams to reevaluate the effectiveness of MDR and consider alternative solutions. While MDR was once a viable option for overworked security teams, its limitations are becoming increasingly apparent. The reliance on AI-powered detection and response is no longer a luxury, but a necessity. As the threat landscape continues to evolve, security teams must adapt and find new ways to stay ahead of attackers. The future of MDR is uncertain, but one thing is clear: AI will play a central role in the fight against cyber threats.]]> https://newsfeed.voltixio.com/article/langgraph-flaw-chain-exposes-self-hosted-ai-agents-to-remote-code-execution https://newsfeed.voltixio.com/article/langgraph-flaw-chain-exposes-self-hosted-ai-agents-to-remote-code-execution Fri, 12 Jun 2026 09:50:36 +0000 VoltixIO AI Cybersecurity

Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artif

An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service PhaaS platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle Ea

Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a key financial pipeline used to wash hundreds of millions in illicit profits. The

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity betw

A recent study by Imperva has exposed a critical vulnerability in the OpenClaw AI agent, a popular self-hosted tool used for various tasks. The researchers found that OpenClaw can be tricked into running attacker-controlled code or leaking sensitive data through seemingly innocuous inputs. The team demonstrated this by burying malicious instructions inside shared contacts, vCards, and location data, which were then executed by the AI agent. Meanwhile, another security team has also published research highlighting similar vulnerabilities in OpenClaw. This raises concerns about the security and reliability of the AI agent, which is widely used in various industries. As a result, users are advised to exercise caution when interacting with OpenClaw and to ensure that the tool is properly secured to prevent potential attacks.

Security researcher Chaotic Eclipse aka Nightmare-Eclipse and MSNightmare has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. This was an accidental discovery, it took a total of 4 hours to find this, the researcher said in

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. ...

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. The individual, whose identity has not been disclosed, is accused of participating in the notorious ransomware group's activities. The Conti ransomware operation has been linked to numerous high-profile cyberattacks worldwide, causing significant financial losses and disruptions. The guilty plea is seen as a major breakthrough in the ongoing investigation into the group's operations. As part of the plea agreement, the individual is expected to cooperate with authorities and provide information on the group's inner workings. The case is a significant development in the global effort to combat cybercrime and hold perpetrators accountable for their actions.

More than 400 packages in the Arch User Repository AUR are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. ...

GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. ...

Microsoft has addressed a critical issue that caused Windows updates, released since May 2025, to fail when installed via the Windows Update Standalone Installer (WUSA) from a network share. The problem, which affected users worldwide, has been resolved through a patch that ensures seamless updates for those affected. The fix is now available for download, and users are advised to update their systems to the latest version to avoid any further issues. This resolution comes as a relief to many users who experienced difficulties with Windows updates, particularly those relying on network shares for their update installations. Microsoft's prompt action in addressing this issue demonstrates its commitment to providing a stable and reliable Windows experience for its users.

Danish pharmaceutical giant Novo Nordisk, the world s largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. ...

The U.S. Cybersecurity and Infrastructure Security Agency CISA ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive BOD 26-04. ...

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. ...