Flaws replicated from Meta’s Llama Stack to Nvidia TensorRT-LLM, vLLM, SGLang, and others, exposing enterprise AI stacks to systemic risk. Cybersecurity researchers have uncovered a chain of critical ...

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...

The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. An ...

Multiple CVEs in the Chaos-Mesh platform have been discovered, including three critical vulnerabilities that allow in-cluster attackers to run arbitrary code on any pod, even in the default ...

Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure ...

Researchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication ...

TL;DR: WinRAR has a critical security vulnerability (CVE-2025-6218) allowing remote code execution via directory traversal in Windows versions. This exploit risks sensitive data and system integrity.

The threat associated with a critical decade-old remote code execution vulnerability in Roundcube webmail has increased sharply in recent days, with proof-of-concept (PoC) code for the bug becoming ...

Would you trust an AI agent to run unverified code on your system? For developers and AI practitioners, this question isn’t just hypothetical—it’s a critical challenge. The risks of executing ...

An unnamed threat actor claims that a zero-day vulnerability found within Fortinet's FortiGate firewalls can be exploited remotely, allowing the attacker to execute arbitrary code without ...

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. FreeType is a popular ...

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...