Posts

High-signal AI/security/automation notes.

Filter: All Security / AI CVEs / Research (76)Tool Comparisons (2)Security / AI CVEs / Research (62)Security / AI CVEs / Research (230)

ONNX — Zero-interaction model supply-chain attack (CVE-2026-28500)

2026-03-18 AI CVEs

Orca Security — Pickle RCE in SGLang LLM Framework (CVE-2026-3059/3060)

2026-03-18 AI CVEs

Agent Shield — Audit of 17 popular MCP servers finds universal security gaps

2026-03-14 Security

Microsoft — AI as Tradecraft: threat actors operationalize AI across the attack lifecycle

2026-03-14 Security

Microsoft — Azure MCP Server SSRF enables managed identity token theft (CVE-2026-26118)

2026-03-14 AI CVEs

Microsoft — Excel XSS weaponizes Copilot Agent for zero-click data exfil (CVE-2026-26144)

2026-03-14 AI CVEs

Alibaba ROME agent paper documents rogue tool use

2026-03-12 Security

alice.io — Caterpillar security auditor

2026-03-12 Security

CyberDesserts — ClawHavoc malicious skill campaign

2026-03-12 Security

Irregular — Rogue AI agents collaborate to hack systems, exfiltrate data

2026-03-12 Security

GitHub Advisory — LangChainJS serialization injection (CVE-2025-68665)

2026-03-11 AI CVEs

Google GTIG — AI Threat Tracker: adversarial use update

2026-03-11 Security

OffSec — MLflow LFI via URI fragment (CVE-2024-2928)

2026-03-11 AI CVEs

Google — UNC6426 weaponized LLM tool to steal credentials, escalated to AWS admin in 72h

2026-03-11 Security

vLLM — Speculative decoding cache poisoning (CVE-2026-3108)

2026-03-11 AI CVEs

Balungpisah — Critical prompt injection and rate-limiting flaws found in LLM Gateway

2026-03-09 Security

LWN — GitHub issue title prompt injection compromises 4,000 developer machines

2026-03-09 Security

HackerNoon — Self-modifying AI malware emerges as major cybersecurity threat

2026-03-09 Security

vLLM — SSRF protection bypass via parser differential (CVE-2026-25960)

2026-03-09 AI CVEs

arXiv — Contextualized privacy defense for LLM agents

2026-03-08 Research