The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.

When Claude changed, everything changed: Managing AI blast radius in production

We built it on Claude Sonnet 3.5 in early 2025. We upgraded to 3.7 without incident, and to 4.0 without incident. By the time ...

The Asian swamp eel may be worse for Florida than Burmese pythons

Crayfish and amphibians are vanishing as a stealth invader spreads statewide, raising alarms about cascading losses across ...

ウェブサーバーを数秒以内にダウンさせる「HTTP/2 Bomb」攻撃がOpenAI ...

HPACK圧縮増幅攻撃は、HPACK動的テーブルにヘッダーを挿入し、その後1バイト程度の大きさしかないコンパクトなインデックス表現を用いてそのヘッダーを繰り返し参照するものです。その結果、攻撃者が送信した1バイトがサーバー側で数千バイトのメモリ割り当 ...
Techzine Europe

Vulnerability in open-source component puts AI platforms at risk

A serious security vulnerability in a widely used open-source Python component could put a large number of AI agents and platforms at risk.  The ...

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...