LLM Security Archives • Daily CyberSecurity

Critical Langroid Vulnerability Allows RCE via Prompt Injection Langroid vulnerability RCE prompt injection

Critical Langroid Vulnerability Allows RCE via Prompt Injection

Do Son June 1, 2026

Researchers from CMU and UW-Madison discovered a critical security flaw in Langroid, a Python framework for LLM...

PraisonAI CVE-2026-44338 Exploited in the Wild Hours After Patch Disclosure PraisonAI Authentication Bypass Exploited in the Wild CVE-2026-44338

PraisonAI Authentication Bypass Exploited in the Wild CVE-2026-44338

PraisonAI CVE-2026-44338 Exploited in the Wild Hours After Patch Disclosure

Do Son May 13, 2026

A new report from the Sysdig Threat Research Team (TRT) reveals that on May 11, 2026, a...

The Local Guardian: OpenAI Unveils a 1.5B Open-Source Model to Redact PII Locally

Do Son April 24, 2026

Artificial intelligence pioneer OpenAI has introduced Privacy Filter, an open-source model possessing a compact parameter scale of...

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Ollama Heap Leak CVE-2026-5757 Anritsu Vulnerability Authentication Bypass Gootloader Malware Malformed ZIP Evasion Blender Malware, StealC V2 Lectora, XSS CVE-2025-9125 HFS RCE, Template Injection Arch Linux Malware, CHAOS RAT CVE-2024-56404 - CVE-2024-39327 CVE-2025-2538

Unpatch Ollama Flaw: Malicious Model Uploads Can Leak Server Heap Memory

Do Son April 23, 2026

A critical unauthenticated remote information disclosure vulnerability has been uncovered in Ollama, the popular open-source tool used...

Vibe Coding the Apocalypse: McAfee Uncovers AI-Generated Malware Scaling Global Attacks AI-Generated Malware Vibe Coding Attacks

Vibe Coding the Apocalypse: McAfee Uncovers AI-Generated Malware Scaling Global Attacks

Do Son March 23, 2026

A widespread malware campaign has been caught casting a massive net across the internet, hiding malicious code...

The Poisoned Pickle: Critical Unpatched RCE Flaws Expose SGLang AI Infrastructure

Do Son March 16, 2026

Security researchers have issued a warning to the AI development community following the discovery of critical vulnerabilities...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2026-2256: Unpatched Flaw in MS-Agent Lets Hackers Hijack AI Assistants

Do Son March 3, 2026

We are officially entering the era of the “autonomous agent”—smart AI programs that don’t just chat with...

AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

Vulnerability Digest Zero-Day Exploits Seedworm APT Dindoor Backdoor RedKitten Campaign AI-Generated Malware WSUS RCE ShadowPad CVE-2025-59287

AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters

Do Son February 3, 2026

In a disturbing fusion of human rights abuses and artificial intelligence, researchers at HarfangLab have uncovered a...

The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages GenAI Phishing Polymorphic Attacks

The Invisible Trap: GenAI Now Creates “Living” Polymorphic Phishing Pages

Do Son January 26, 2026

Security researchers at Palo Alto Networks Unit 42 have unveiled a concerning evolution in web-based attacks, demonstrating...

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft LangChain Serialization Injection, CVE-2025-68664

The “lc” Leak: Critical 9.3 Severity LangChain Flaw Turns Prompt Injections into Secret Theft

Do Son December 25, 2025

A critical vulnerability was found in LangChain, the popular open-source framework used to power Large Language Model...

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

vLLM Flaw (CVE-2025-62164) Risks Remote Code Execution via Malicious Prompt Embeddings

Do Son November 24, 2025

A newly disclosed high-severity vulnerability in vLLM—one of the fastest-growing open-source inference engines for large language models—allows...

CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure vLLM Vulnerability CVE-2026-22778 vLLM Memory Corruption, AI Inference RCE CVE-2025-29783 CVE-2025-32444 vLLM vulnerability vLLM, Remote Code Execution

CVE-2025-32444 (CVSS 10): Critical RCE Flaw in vLLM’s Mooncake Integration Exposes AI Infrastructure

Do Son May 1, 2025

A critical security vulnerability has been disclosed in vLLM, a popular open-source library used for high-performance inference...

Critical Alert 1 Active Exploit Detected Today