AI Agent Exploits Langflow RCE to Automate Database Ransomware Attack
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Security firm Sysdig says it has found what it believes is the first ransomware attack run from start to finish by an AI agent
The CI/CD workflow weakness affects Microsoft's Azure Sentinel, Google's AI Agent Development Kit, Apache's Doris analytics database, Cloudflare's Workers SDK, and Python Software Foundation's Black.
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found by an autonomous AI tool built to hunt bugs in large codebases
Flaws in OpenEMR's platform — used by more than 100,000 healthcare providers — enabled database compromise, remote code execution, and data theft.
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents
Complaints Allege Tempus AI Lacked Consent to Use, Share Data With Pharma Cos.A healthcare artificial intelligence firm that sells genetic information from an acquired database holding the results of millions of screening tests faces multiple putative class action lawsuits in Chicago federal court. Genetic data resists attempts to de-identify it, plaintiffs say.
Cybersecurity Startup Exposed Lilli Using a Flaw as Old as the WebSecurity startup CodeWall disclosed this week that its autonomous AI agent breached McKinsey's internal AI platform Lilli in two hours on Feb. 28, accessing tens of millions of messages and hundreds of thousands of files through a basic, years-old database flaw.
PLUS: Unpatched Ivanti boxes under attack; 0APT might not be a scam; AI gets better at helping cyber-scum; And more Infosec In Brief An unknown attacker accessed the French government’s database listing every bank account in the country and made off with 1.2 million records.…
Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access
In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss DEF CON A cache of documents uncovered by Vanderbilt University has revealed disturbing details about how a Chinese company is building up a database of US politicians and influencers with whom to share propaganda.…
Cifas noted a record number of filings in its National Fraud Database for the first half of 2025
Google on Tuesday revealed that its large language model (LLM)-assisted vulnerability discovery framework discovered a security flaw in the SQLite open-source database engine before it could have been exploited in the wild
DeepSeek, the Chinese AI startup known for its DeepSeek-R1 LLM model, has publicly exposed two databases containing sensitive user and operational information. [...]
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data
Oh someone's in DeepShi... China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.…
Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access
Now-Fixed Flaw Is Big Sleep's First Real-World Bug Find, Say ResearchersGoogle's "highly experimental" artificial intelligence agent Big Sleep has autonomously discovered an exploitable memory flaw in popular open-source database engine SQLite. The researchers detail how the AI agent discovered the now-patched vulnerability.
A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model (LLM) assisted framework called Big Sleep (formerly Project Naptime)