The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
Security Boulevard

That “job brief” on Google Forms could infect your device

Instead of the usual phishing email or fake download page, attackers are using Google Forms to kick off the infection chain. The attack typically begins when a victim downloads a business-themed ZIP ...

Chainguard is racing to fix trust in AI-built software - here's how

Chainguard is expanding beyond open-source security to protect open-core software, AI agent skills, and GitHub Actions.
eWeek

Xiaomi's Hunter Alpha Ends DeepSeek Hype

eSpeaks’ Corey Noles talks with Rob Israch, President of Tipalti, about what it means to lead with Global-First Finance and how companies can build scalable, compliant operations in an increasingly ...
SecurityWeek

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.