Safeguarding LLMs against Misuse and AI-Driven Malware Using Steganographic Canaries

AI-powered malware increasingly exploits cloud-hosted generative-AI services and large language models LLMs as analysis engines for reconnaissance and code generation. Simultaneously, enterprise uploads expose sensitive documents to third-party AI vendors. Both threats converge at the AI service...

Awesome LLM Apps 安全漏洞

Awesome LLM Apps is a collection of large language model applications personally developed by Shubham Saboo. Awesome LLM Apps contains security vulnerabilities, which stem from improper isolation of session-specific environment variables, potentially leading to cross-session information leaks...

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

Arbitrary Code Injection

Langflow is vulnerable to Arbitrary Code Injection. The vulnerability is due to the validation process dynamically executing LLM‑generated Python code via exec, where the validation routine runs the generated code and an attacker who can influence the model output can achieve arbitrary server‑sid...

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

CVE-2026-27893

vLLM is an inference and serving engine for large language models LLMs. Starting in version 0.10.1 and prior to version 0.18.0, two model implementation files hardcode trustremotecode=True when loading sub-components, bypassing the user's explicit --trust-remote-code=False security opt-out. This...

CVE-2026-28788

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can overwrite any file's content by ID through the POST /api/v1/retrieval/process/files/batch endpoint. The endpoint performs no ownership check, so a...

Clawed and Dangerous: Can We Trust Open Agentic Systems?

Open agentic systems combine LLM-based planning with external capabilities, persistent memory, and privileged execution. They are used in coding assistants, browser copilots, and enterprise automation. OpenClaw is a visible instance of this broader class. Without much attention yet, their securit...

Unveiling the Resilience of LLM-Enhanced Search Engines against Black-Hat SEO Manipulation

The emergence of Large Language Model-enhanced Search Engines LLMSEs has revolutionized information retrieval by integrating web-scale search capabilities with AI-powered summarization. While these systems demonstrate improved efficiency over traditional search engines, their security implication...

The System Prompt Is the Attack Surface: How LLM Agent Configuration Shapes Security and Creates Exploitable Vulnerabilities

System prompt configuration can make the difference between near-total phishing blindness and near-perfect detection in LLM email agents. We present PhishNChips, a study of 11 models under 10 prompt strategies, showing that prompt-model interaction is a first-order security variable: a single...

EUVD-2025-208974

NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

TreeTeaming: Autonomous Red-Teaming of Vision-Language Models Via Hierarchical Strategy Exploration

The rapid advancement of Vision-Language Models VLMs has brought their safety vulnerabilities into sharp focus. However, existing red teaming methods are fundamentally constrained by an inherent linear exploration paradigm, confining them to optimizing within a predefined strategy set and...

AI in Cybersecurity Education -- Scalable Agentic CTF Design Principles and Educational Outcomes

Large language models are rapidly changing how learners acquire and demonstrate cybersecurity skills. However, when human--AI collaboration is allowed, educators still lack validated competition designs and evaluation practices that remain fair and evidence-based. This paper presents a...

PT-2026-27198

Name of the Vulnerable Software and Affected Versions New API versions 0.10.0 and later Description A flaw exists in the universal secure verification flow, allowing an authenticated user with a registered passkey to bypass the WebAuthn assertion requirement. This issue affects actions protected ...

Malicious code in mangrove-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d6714958f20775c2347e9c8b606d1de2e28ed29fe4b1a82261ca4fb966fc20fa During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...

Malicious code in efghr-honeybee-sdk (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e77e2d0088390e5dc421f70a65ade331bfbf554afcc9cc42362098d0ed130692 During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...

Malicious code in flyio-token-client-efgh (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2b09830263d8a35450ca657294a1725c441f2f7fe49cc7946e261e8f18401464 During installation, package attempts to modify LLM configuration files to provide a backdoor instruction for further control over an AI agent. --- Category:...