InfoWorld

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...

Worrying open-source security issue 'BadHost' could affect millions of AI agents

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
techtimes

llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack

A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...
Tech Times

Open Source Robotics AI Reaches Inflection Point: LeRobot Hub Surpasses 58,000 Datasets in One Year

Open source robotics AI platform LeRobot surpassed 58,000 community datasets in 2026 — 50x growth in under a year — making it the largest dataset category on Hugging Face and signaling a ...
Techzine Europe

Vulnerability in open-source component puts AI platforms at risk

A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents ...
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...
thearabianpost

Outdated BIG-IP devices expose Linux networks

Hackers are exploiting unsupported F5 BIG-IP appliances to gain SSH access to enterprise Linux systems, turning trusted edge infrastructure into entry points for deeper attacks on identity systems and ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
SecurityWeek

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.

Microsoft is working on a patch for ‘YellowKey’ attack on Bitlocker, offers temporary fix

Microsoft says it is considering a patch for a zero-day vulnerability, dubbed YellowKey, that allows attackers with access to ...