The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, ...
CSO Online

AI worm prototype shows attackers don’t need Mythos to take over your network

University of Toronto researchers demonstrate how open-weight local LLMs can be used to autonomously exploit flaws and ...

Federal agencies warn energy and food sectors of vulnerabilities in tank gauge systems

ATGs are used in multiple critical sectors of industry, and many are still unsecured.

SAP fixes critical flaws in NetWeaver and Commerce Cloud

SAP has released fixes for 15 vulnerabilities as part of its June 2026 Security Patch package, including four ...
CSO Online

Frontier AI models offer sneak peak of seismic cyber shifts ahead

CISOs need to prepare for a vulnerability discovery onslaught, even as attackers will still have work to do to operationalize ...

Patch now! Attackers exploiting critical malicious code vulnerability in Drupal

Attackers are currently targeting websites created with the CMS Drupal. However, pages are only vulnerable if they use PostgreSQL.

CBSE breach scare: What really happens after a cyberattack — and can AI help stop the next one?

The reported cyberattacks on CBSE’s re-evaluation portal have reignited questions about the security of India’s digital ...
Yonkers Times

Web Application Penetration Testing: How Testers Think Like Attackers to Find Real Exploits

Most organizations find out about security gaps the hard way. By the time a vulnerability surfaces, attackers have already ...
WhoWhatWhy on MSN

Saturday hashtag: #AIPoisonPill

Welcome to Saturday Hashtag, a weekly place for broader context. Saturday Hashtag: #AIPoisonPill originally appeared on ...
Hackaday

sql injection

Web systems are designed to be simple and reliable. Designing for the everyday person is the goal, but if you don’t consider the odd man out, they may encounter some problems. This is the everyday ...