Malicious code in eplang (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1d53e4571f8ccfc385a265dfd47cbea9793946762a794aff432e98614ee10b21 The package ships epl/.aiconfig.json containing a hardcoded Groq API key with provider set to 'groq'. On any AI-related CLI invocation epl ai, epl ge...

April 30, 2026—KB5083806 (OS Build 28000.1896) Preview

April 30, 2026—KB5083806 OS Build 28000.1896 Preview ​​​​This non-security update for Windows 11, version 26H1 KB5083806, includes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and...

March 26, 2026—KB5079489 (OS Build 28000.1764) Preview

March 26, 2026—KB5079489 OS Build 28000.1764 Preview ​​​​​This non-security update for Windows 11, version 26H1 KB5079489, incudes production-quality improvements. To learn more about differences between security updates, optional non-security preview updates, Out-of-band OOB updates, and...

CVE-2026-32114

Discourse (open‑source discussion platform) contains an Insecure Direct Object Reference (IDOR) vulnerability. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, any authenticated user can access metadata about AI personas, features, and LLM models by supplying their identifiers. This m...

This Week in Spring - February 24th, 2026

Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...

EUVD-2024-52311

Malicious code in bioql PyPI...

Flowable’s Summer 2025 Update Introduces Groundbreaking Agentic AI Capabilities

Flowable’s 2025.1 update brings powerful Agentic AI features to automate workflows, boost efficiency, and scale intelligent business operations...

WhatsApp Launches Private Processing to Enable AI Features While Protecting Message Privacy

Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence AI capabilities in a privacy-preserving manner. "Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or...

CVE-2025-2867

CVE-2025-2867 affects GitLab Duo with Amazon Q. Affected are GitLab releases: 17.8 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. The issue could allow a crafted input to manipulate AI-assisted development features, potentially exposing sensitive project data to unauthorized users. ...

Apple macOS 安全漏洞

Apple macOS Sequoia is an operating system announced by Apple at the WWDC24 developer conference on June 10, 2024, with the official version launched in the fall of the same year, primarily for Mac devices, emphasizing cross-device collaboration and integration of AI functionality to significantl...

CVE-2024-2734

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2024-2734 Bold Page Builder <= 4.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via AI Features

The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's AI features all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

PT-2024-21834 · WordPress · Bold Page Builder

Name of the Vulnerable Software and Affected Versions: The Bold Page Builder plugin for WordPress versions up to, and including, 4.8.8 Description: The issue is related to Stored Cross-Site Scripting via the plugin's AI features due to insufficient input sanitization and output escaping on...