LangChain framework hit by several worrying security issues — here's what we know

LangChain and LangGraph have patched three high-severity and critical bugs.
The Hacker News

Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access

Docker CVE-2026-34040 enables AuthZ bypass via padded requests, risking host compromise; fixed in version 29.3.1.
Security Boulevard

The Attack Helix: Praetorian Guard’s AI Architecture for Offensive Security

The Kill Chain models how an attack succeeds. The Attack Helix models how the offensive baseline improves. Tipping Points One person. Two AI subscriptions. Ten government agencies. 150 gigabytes of ...
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Critical Fortinet Forticlient EMS flaw now exploited in attacks

Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused.
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Indirect Injection and Multi-Modal Attacks: Poisoning the Pipeline

Indirect prompt injection represents a more insidious threat: malicious instructions embedded in content the LLM retrieves ...
Nature

Primer: pitfalls of aspiration and injection

This review on joint aspiration and injection focuses on three common clinical problems: how to deal with 'dry taps', especially when a septic joint is suspected in the differential diagnosis; how to ...
Healthline

A Guide to Using Zepbound, Its Side Effects, and More

Zepbound (tirzepatide) is a prescription drug used for weight loss and obstructive sleep apnea in certain adults. It works by reducing appetite and slowing digestion, which makes you consume fewer ...