Noma Security's GitLost research shows that a public GitHub issue can trick GitHub Agentic Workflows into exfiltrating private repository contents. The attack requires no credentials — just a crafted issue on any public repo the agent can see.
Noma Security's GitLost research shows that a public GitHub issue can trick GitHub Agentic Workflows into exfiltrating private repository contents. The attack requires no credentials — just a crafted issue on any public repo the agent can see.
Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
CISA added CVE-2026-55255 to the Known Exploited Vulnerabilities catalog on July 7, 2026, after confirming active exploitation of an insecure direct object reference in Langflow that let authenticated users execute workflows belonging to other tenants.
Researchers at ICML 2026 introduce OTora, a red-teaming framework for Reasoning-Level Denial-of-Service attacks on LLM agents. The attack inflates reasoning token consumption by up to 10x and causes order-of-magnitude latency spikes while keeping task outputs correct -- making it invisible to standard error monitoring.
Sophos X-Ops telemetry analysis shows Claude Code, Cursor, and OpenAI Codex triggering behavioral EDR detection rules built to catch human attackers. Credential access patterns account for 56.2% of blocked activity -- agents using the same Windows DPAPI technique as Redline stealer.