Critical Langflow AI Platform Vulnerability Under Active Exploitation — BleepingComputer

CISA has issued an alert about a critical code injection vulnerability in the Langflow AI platform, which is being actively exploited by threat actors. The flaw allows remote attackers to hijack AI workflows, posing significant risks to organizations using the platform. Security teams should immediately apply available patches and monitor for unusual activity to mitigate potential impacts.

Coruna iOS Exploit Framework Reuses Triangulation Attack Code — BleepingComputer

The Coruna iOS exploit framework has been linked to the Triangulation attacks, utilizing kernel exploits from previous Apple iOS vulnerabilities. The framework targets iOS devices, potentially compromising user data and device integrity. Security teams should ensure all iOS devices are updated to the latest version to prevent exploitation and monitor for signs of compromise.

• China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks [The Hacker News]
• TikTok for Business accounts targeted in new phishing campaign [BleepingComputer]
• Data Breach Hits Benefits Administrator Navia, Affecting Nearly 2.7 Million People - CPO Magazine [Google News Security]
• OVHcloud breach claimed by hacker, millions of users potentially affected - Escudo Digital [Google News Security]
• 苹果紧急修复意外呼出电话漏洞，官方建议尽快将设备升级至iOS 26.3或更高版本 - 新浪财经 [Google News Security (CN)]