689 matches found
EUVD-2024-44436
Malicious code in bioql PyPI...
EUVD-2025-22560
Malicious code in bioql PyPI...
EUVD-2025-7048
Malicious code in bioql PyPI...
EUVD-2025-17076
Malicious code in bioql PyPI...
EUVD-2024-16246
Malicious code in bioql PyPI...
EUVD-2025-7002
Malicious code in bioql PyPI...
ai.acolite:openai-agent-sdk (>=0.1.0 <=0.4.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23062 more potentially affected by CVE-2025-11226 via ch.qos.logback:logback-core (>=1.4.0 <=1.5.18)
ch.qos.logback:logback-core MAVEN version =1.4.0, =0.1.0, =0.1.0, =0.2.0, =0.114.0, =0.103.0, =0.114.0, =0.2.0, =0.8.0, =0.9.0 - ai.djl.spring:djl-spring-boot-starter-autoconfigure =0.26 - ai.djl.spring:djl-spring-boot-starter-mxnet-auto =0.26 -...
MAL-2025-47702 Malicious code in openai-airline-agentsdk-demo-3w (npm)
Malicious code in openai-airline-agentsdk-demo-3w (npm)
CVE-2025-59434
Flowise Cloud prior to August 2025 was vulnerable to a cross-tenant data exposure through the Custom JavaScript Function node, allowing authenticated users on the free tier to access environment variables from other tenants (e.g., OpenAI keys, cloud credentials, and tokens). The issue has been pa...
CVE-2025-59434 Critical Multi-Tenant Variable Disclosure in Flowise Cloud via Custom JavaScript Function
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...
PT-2025-39070
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to August 2025 (Cloud-Hosted Flowise). Description: Flowise is a drag & drop user interface used to build customized large language model flows. A vulnerability in Flowise Cloud, prior to the August 2025 release, allows...
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following...
ChatGPT Deep Research zero-click vulnerability fixed by OpenAI
OpenAI has moved quickly to patch a vulnerability known as “ShadowLeak” before anyone detected real-world abuse. Revealed by researchers yesterday, ShadowLeak was an issue in OpenAI’s Deep Research project that attackers could exploit by simply sending an email to the target. Deep Research was...
Breaking Android with AI: a Deep Dive into LLM-Powered Exploitation
The rapid evolution of Artificial Intelligence (AI) and Large Language Models (LLMs) has opened up new opportunities in the area of cybersecurity, especially in the exploitation automation landscape and penetration testing. This study explores Android penetration testing automation using LLM-based...
MAL-2025-46308 Malicious code in text-openai-embedding-js (npm)
The package text-openai-embedding-js was found to contain malicious code...
Malicious code in text-openai-embedding-js (npm)
The package text-openai-embedding-js was found to contain malicious code...
The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
The recent mass-theft of authentication tokens from Salesloft, whose AI chatbot is used by a broad swath of corporate America to convert customer interaction into Salesforce leads, has left many companies racing to invalidate the stolen credentials before hackers can exploit them. Now Google war...
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
Cybersecurity company ESET has disclosed that it discovered an artificial intelligence (AI)-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-tim...
MAL-2025-28317 Malicious code in openai-realtime-console-plugin (npm)
The package openai-realtime-console-plugin was found to contain malicious code...