Audit summarize for security issues
Latest intel
View all →Trending on GitHub
· this weekFixes shipped
Research
A CWE-22 path traversal in NVIDIA's RAG Blueprint MCP server allowed any MCP client to read arbitrary files and ingest them into the RAG collection. We submitted the fix and NVIDIA merged it.
nekro-agent injects a single global RPC_SECRET_KEY into every LLM sandbox container, letting any prompt-injected code impersonate other containers or forge cross-channel RPC calls. The maintainer closed the fix PR without merge. Here is why the vulnerability is real regardless.
Threat Feed
liveModern frameworks keep reimplementing the same seven authentication bypass patterns. From hardcoded credentials to missing origin checks, the bugs are structural, not accidental, and the AI tooling boom is accelerating the cycle.
CVE-2025-10492, a CVSS 9.8 Java deserialisation flaw in the Jasper Report component of Hitachi Energy Ellipse, enables unauthenticated RCE on critical manufacturing systems. No patch exists for the community edition of the underlying library.
More research
CVE-2026-27663 and CVE-2026-27664 affect shared firmware components across Siemens SICAM A8000, EGS and S8000 product lines, enabling unauthenticated denial of service in power grid infrastructure.
AI orchestration platforms like LangFlow and n8n are accumulating critical RCE vulnerabilities because their architectures treat user-supplied configuration as trusted code.
CVE-2026-3356 exposes a design-level authentication failure across Anritsu's entire Remote Spectrum Monitor line. CVSS 9.3, all versions affected, no fix planned.
CVE-2026-3055, a critical out-of-bounds read in Citrix NetScaler ADC and Gateway, is being actively exploited. CISA has added it to the KEV catalog.
CVE-2026-3055, a CVSS 9.3 memory overread in Citrix NetScaler ADC and Gateway configured as SAML IDPs, is drawing active reconnaissance. Attackers are probing authentication endpoints to identify vulnerable appliances.
CISA added CVE-2025-53521 to the Known Exploited Vulnerabilities catalog on 27 March 2026 after confirming active exploitation of this CVSS 9.8 RCE in F5 BIG-IP. Affected versions span three major branches.
AI agent frameworks and deployment tools keep shipping the same environment variable injection patterns that operational tooling solved years ago. The gptme fix was one project. The pattern is everywhere.
Attackers compromised Stryker's Microsoft Entra credentials and used Intune to remotely wipe tens of thousands of employee devices. No malware was deployed. CISA responded with an emergency hardening advisory.
PraisonAI's schedule config YAML could set LD_PRELOAD, PATH and 26 other dangerous environment variables with no validation. The fix adds a blocklist and fail-closed validation.
Git tags, package registries and AI extension marketplaces all share the same authentication failure - and attackers have noticed the pattern before defenders did.
gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.
A popular summarisation tool trusted every browser origin that asked. Fixing it meant thinking about who should be allowed to talk to your localhost.
Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.
A group calling itself Kazu walked into New Zealand's largest patient portal with valid credentials, stole 400,000 medical documents and demanded US$60,000. The breach exposed referrals, lab results and discharge summaries for 120,000 patients - many from practices that had stopped using the platform years earlier.
Russia's Sandworm hit Poland's power grid on the coldest night of the year, deploying a new wiper across thirty facilities including renewable plants and a major heat-and-power station. The attack failed to cause blackouts - but it damaged equipment beyond repair and proved that distributed energy is now a target.
Australia's spy chief named China's hacking units on a public stage, warned of infrastructure sabotage and put a dollar figure on espionage. Beijing called it a false narrative. The numbers suggest otherwise.
A piece of ransomware described as 'incredibly basic' hit a single software platform and grounded five European airports overnight. The problem wasn't the malware - it was the architecture.
A pro-Israel hacking group stole more than $90 million from Iran's largest crypto exchange - then destroyed it. The funds were sent to wallets nobody controls.
