Attackers exploited Langflow vulnerability CVE-2025-3248 to conduct an agentic AI-powered ransomware attack involving reconnaissance, credential theft, and lateral movement.
This research is part of a joint initiative between the Cloud Security Alliance (CSA) and OWASP AI Exchange, building upon the previously published Agentic AI Red Teaming Guide. The objective of this ...
A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. Tool and payload development ...
As a condition of using these data, you must cite the use of this data set. Such a practice gives credit to data set producers and advances principles of transparency and reproducibility. Other ...
Facepalm: Security researchers recently unveiled "Copy Fail," a bug that could potentially bring the entire Linux ecosystem to a screeching halt. The flaw can be reliably exploited across all ...
The Facebook Business SDK is a one-stop-shop to help our partners better serve their businesses. Partners are using multiple Facebook API's to serve the needs of their clients. Adopting all these ...
Infostealer threats are rapidly expanding beyond traditional Windows-focused campaigns, increasingly targeting macOS environments, leveraging cross-platform languages such as Python, and abusing ...
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
What just happened? Elon Musk's xAI has introduced an agentic coding model aimed at delivering speed and cost efficiency for software development tasks. Called Grok Code Fast 1, the model is built on ...
More than 4,000 victims across 62 countries have been infected by stealthy infostealers pilfering people's passwords, credit card numbers, and browser cookies, which are then sold to other criminals ...
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results