We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is

While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the...

CVE-2026-3611

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System Guest level 100 context, granting read/write...

EUVD-2020-25188

Malware in sbrugna...

A-Tune 访问控制错误漏洞

A-Tune is a service for atuned AI tuning systems from the openEuler community. A security vulnerability exists in A-Tune before 0.3-0.8 that originates from logging in as a local user and running the curl command to access the local atune url interface to elevate local privileges or modify any...

The vulnerability of the CODESYS Runtime Toolkit execution environment allows a perpetrator to execute arbitrary commands and load arbitrary files.

The vulnerability of the CODESYS Runtime Toolkit lies in the absence of requirements for authentication procedures in the default configuration. Exploiting this vulnerability allows a malicious actor to execute commands through the command line interface and upload arbitrary files...