Security news.
Today's security landscape is marked by critical vulnerabilities, with CISA warning of active exploitation in Langflow for AI workflows and adding another flaw to its KEV catalog. Espionage campaigns by China-linked threat actors targeting telecom networks also highlight persistent state-sponsored threats, alongside various data breaches and phishing attempts.
CISA: Langflow AI flaw actively exploited
CISA warns of active exploitation of CVE-2026-33017, a critical vulnerability in the Langflow framework that allows attackers to hijack AI workflows.
CISA Adds Aqua Security Trivy Flaw to KEV Catalog
CISA has added CVE-2026-33634, an Aqua Security Trivy Embedded Malicious Code Vulnerability, to its Known Exploited Vulnerabilities Catalog.
China-Linked Red Menshen Spies via Telecom Networks
A China-nexus threat actor, Red Menshen (aka Earth Bluecrow), is conducting a long-term espionage campaign using stealthy BPFDoor implants within telecom networks to target government entities.
Hightower Holding Data Breach Impacts 130,000
A data breach at Hightower Holding exposed names, Social Security numbers, and driver’s license numbers for approximately 130,000 individuals.
TikTok for Business Accounts Targeted in Phishing
A new phishing campaign is targeting TikTok for Business accounts, employing techniques to evade security bot detection of malicious pages.
BIND Updates Patch High-Severity Vulnerabilities
ISC has released updates for BIND to address high-severity vulnerabilities that could lead to out-of-memory conditions and memory leaks via specially crafted domains.
Claude Extension Flaw Allowed Zero-Click XSS Prompt Injection
A vulnerability in Anthropic's Claude Google Chrome Extension could have enabled zero-click XSS prompt injection, allowing any website to silently inject prompts.
Cisco Patches Multiple IOS Software Vulnerabilities
Cisco has released patches for several high- and medium-severity vulnerabilities in its IOS software, addressing issues like denial-of-service, secure boot bypass, and privilege escalation.