Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
Sysdig's Threat Research Team published research in July 2026 documenting JADEPUFFER, the first ransomware operation fully executed by an LLM agent — no human operator required at any step after initial access.
CISA added CVE-2026-55255 to the Known Exploited Vulnerabilities catalog on July 7, 2026, after confirming active exploitation of an insecure direct object reference in Langflow that let authenticated users execute workflows belonging to other tenants.
Researchers at Tel Aviv University have chained two well-known AI weaknesses, hallucination and prompt injection, into a technique that can trick AI coding assistants into installing botnet malware on a user's machine.
Three high-severity vulnerabilities in the OpenClaw AI assistant allow a remotely-sent WhatsApp message to trigger host code execution, SSH key theft, and Docker socket escape. All three are patched in version 2026.6.6.
A Wake Forest University empirical study found 282 of 444 iOS AI apps expose exploitable LLM credentials through network traffic. Three months after responsible disclosure, 72% remained vulnerable.
NCC Group researchers exposed Kitana, an adversary-in-the-middle fraud platform that uses AI to generate visitor-specific decoy pages and hijack payment sessions in hospitality and e-commerce environments. A related campaign exploits prompt injection to trick AI agents into authorising cryptocurrency payments.
CVE-2026-21858 gives unauthenticated attackers full code execution on n8n workflow servers. Langflow's new IDOR vulnerability has been added to CISA KEV. GitHub Copilot's MCP integration carries a prompt-injection-to-RCE chain. AI automation infrastructure is becoming a primary attack surface.