The Hacker News

Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs

High-severity flaws in the Chainlit AI framework could allow attackers to steal files, leak API keys & perform SSRF attacks; ...
The Register on MSN

AI framework flaws put enterprise clouds at risk of takeover

Update Chainlit to the latest version ASAP Two "easy-to-exploit" vulnerabilities in the popular open-source AI framework ...
Bleeping Computer

Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. The ...
CSO Online

Flaws in Chainlit AI dev framework expose servers to compromise

Security researchers uncovered two vulnerabilities in the popular Python-based AI app building tool that could allow ...
CSOonline

Commvault warns of critical Command Center flaw

Commvault is warning customers of a critical vulnerability affecting Command Center, a web-based management console for its data protection and backup offerings. The flaw, tracked as CV-2025-34028, ...
Dark Reading

Microsoft Patches 4 SSRF Flaws in Separate Azure Cloud Services

Microsoft has fixed vulnerabilities in four separate services of its Azure cloud platform, two of which could have allowed attackers to perform a server-side request forgery (SSRF) attack — and thus ...
Bleeping Computer

Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw

Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware ...
Infosecurity-magazine.com

Latest Ivanti Zero Day Exploited By Scores of IPs

A zero-day vulnerability disclosed by Ivanti last week is undergoing mass exploitation in the wild, according to the Shadowserver Foundation. The non-profit said it had seen over 170 discrete IP ...