The post OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs appeared first on Daily CyberSecurity.
The post Langflow Alert: Path Traversal Flaw in Knowledge Bases API Risks Total Data Wipeout appeared first on Daily CyberSecurity.
The post Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference appeared first on Daily CyberSecurity.
The post Critical CrewAI Vulnerabilities Allow RCE and Sandbox Escapes via Prompt Injection appeared first on Daily CyberSecurity.