Agent Audit: A Security Analysis System for LLM Agent Applications

What should a developer inspect before deploying an LLM agent: the model, the tool code, the deployment configuration, or all three? In practice, many security failures in agent systems arise not from model weights alone, but from the surrounding software stack: tool functions that pass untrusted...

Langflow 操作系统命令注入漏洞

Langflow is an open-source visualization framework developed by Langflow for building multi-agent and RAG applications. Prior to Langflow 1.9.0, there was a vulnerability related to operating system command injection. This vulnerability stemmed from unauthenticated remote shell injections in...

PT-2026-27428

Name of the Vulnerable Software and Affected Versions Langflow versions prior to 1.9.0 Description Langflow is susceptible to an unauthenticated remote shell injection issue in GitHub Actions workflows. The issue stems from the unsanitized interpolation of GitHub context variables, such as $...

CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

GO-2026-4801 Ory Kratos has a SQL injection via forged pagination tokens in github.com/ory/kratos

Ory Kratos has a SQL injection via forged pagination tokens in github.com/ory/kratos...

GO-2026-4802 Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel

Siyuan has an Unauthenticated Arbitrary File Read via Path Traversal in github.com/siyuan-note/siyuan/kernel...

GO-2026-4812 Mattermost fails to verify run_create permission for empty playbookId in github.com/mattermost/mattermost-plugin-playbooks

Mattermost fails to verify runcreate permission for empty playbookId in github.com/mattermost/mattermost-plugin-playbooks...

GO-2026-4778 Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju

Juju affected by Confused Deputy IDOR attack via Predictable user specified ID in Juju Secrets in github.com/juju/juju...

GO-2026-4774 qui CORS Misconfiguration: Arbitrary Origins Trusted in github.com/autobrr/qui

qui CORS Misconfiguration: Arbitrary Origins Trusted in github.com/autobrr/qui...

GO-2026-4765 mo has a XSS via inline SVG script tags in Markdown rendering in github.com/k1LoW/mo

mo has a XSS via inline SVG script tags in Markdown rendering in github.com/k1LoW/mo...

GO-2026-4768 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel...

GO-2026-4777 Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju

Juju has unauthorized access to out-of-scope Kubernetes secrets in github.com/juju/juju...

GO-2026-4742 Heimdall: Path received via Envoy gRPC corrupted when containing query string in github.com/dadrus/heimdall

Heimdall: Path received via Envoy gRPC corrupted when containing query string in github.com/dadrus/heimdall...

GO-2026-4734 Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server

Mattermost fails to preserve the redacted state of burn-on-read posts during deletion in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack

Checkmarx KICS scanner is the latest victim of a credential-stealing supply chain attack by TeamPCP. Between 12:58–16:50 UTC on March 23, 35 tags were hijacked. Learn how to audit your workflows, identify malicious activity, and secure your GitHub Actions...

‘CanisterWorm’ Springs Wiper Attack Targeting Iran

A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language. Experts say the wip...

⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers & More

Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many still ignore basic advisories. This edition covers a mix of issues: supply chain attacks hitting CI/CD setups, long-abused IoT devices being shut down...

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious versions 0.69.4,...

CVE-2026-32046

creationtimestamp| type| source ---|---|--- 2026-03-22 03:00:05+00:00| seen| https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j...

CVE-2026-32044

creationtimestamp| type| source ---|---|--- 2026-03-22 03:00:05+00:00| seen| https://github.com/openclaw/openclaw/security/advisories/GHSA-rm2p-j3r7-4x4j...