ai security

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)
CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

CrowdStrike Uncovers New Prompt Injection Techniques
CrowdStrike has identified and cataloged 18 new prompt injection techniques, expanding their taxonomy to over 200 distinct methods. These new techniques, including Trigger-Activated Rule Addition and Algorithmic Payload Decomposition, highlight the evolving sophistication of attacks against AI systems. The company emphasizes the need for enhanced AI threat modeling, red teaming, detection engineering, and runtime visibility to combat these emerging threats.