sqmagazine.co.uk
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-18.
| Date Added | Resource | Tags | Excerpt |
|---|---|---|---|
| 2026-05-18 | Langflow Flaw Exploited to Steal AWS Keys and Deploy Botnet | API Sec | A critical vulnerability in Langflow, an open-source tool for building LLM applications, has been actively exploited. Attackers leveraged the flaw to gain unauthorized access to AWS keys, and the compromised systems were then used to deploy a botnet. The specifics of the exploit and the full extent of the damage are still under investigation. The incident highlights the security risks of open-source software and the importance of prompt patching and secure configuration. |
| 2026-05-05 | Critical Apache Bug Enables Remote Code Execution Risk | RCE | Vulnerability writeup detailing CVE-2026-23918, a critical double-free memory corruption flaw in Apache HTTP Server version 2.4.66 that enables remote code execution via HTTP/2 handling issues. The article also covers the moderate-severity vulnerabilities CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, and CVE-2026-29169, all patched in version 2.4.67. |
| 2026-05-02 | Cursor AI Flaw Lets Hackers Steal API Keys and Run Code Silently | API Sec, RCE, Secrets | Library exposing critical security flaws in Cursor AI, including credential theft via unencrypted SQLite databases by malicious extensions and silent code execution through Git hooks exploited by the AI agent. These vulnerabilities, rated CVSS 8.2 and tracked as CVE-2026-26268, stem from poor extension isolation, insecure credential storage, and AI agent interaction with untrusted repositories, leaving developers at risk of financial loss and unauthorized access. |
| 2026-04-13 | AI Coding Security Vulnerability Statistics 2026: Alarming Data | AI | Survey of AI coding security vulnerability statistics reveals alarming trends, with up to 62% of AI-generated code containing flaws. Veracode's 2025 analysis shows 45% of AI-generated code fails security tests, and 86% of organizations use third-party packages with critical vulnerabilities in AI-driven environments. Common issues include SQL injection, XSS, log injection, hardcoded credentials, and insecure cryptographic implementations. Java exhibits a 71% failure rate, while Python has a 38% failure rate, highlighting language-specific risks. The report notes a 10x increase in monthly security findings from AI code and a 153% rise in design-level flaws. Prompt injection is now the top OWASP risk for LLM applications. |
| 2026-04-09 | API Security Breach Statistics 2026: Hidden Threats | API Sec | Statistics detail a massive surge in API attack traffic (600%+) and near-universal organizational exposure (99% hit in the past year), with only 21% of organizations reporting strong detection capabilities and 13% preventing over half of attacks. Path traversal (27.3%), SQL injection (20.0%), and SSRF (14.5%) are the leading vulnerabilities, while AI-driven attacks accelerate exploitation to as little as 1.2 hours. Major breaches such as T-Mobile and Optus underscore the risk of authentication flaws and broken object-level authorization, with 80,000+ incidents projected by the end of 2025 if trends continue. |