SecurityWeek

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.
IEEE

uitSQLid: SQL Injection Detection Using Multi Deep Learning Models Approach

Abstract: Injection attack is the most common risk in web applications. There are various types of injection attacks like LDAP injection, command injection, SQL injection, and file injection. Among ...
eWeek

OpenAI Introduces New Safeguards in ChatGPT to Prevent AI Prompt Injection

OpenAI launches Lockdown Mode and Elevated Risk warnings to protect ChatGPT against prompt-injection attacks and reduce data-exfiltration risks.
IEEE

Automated Search of Instructions Vulnerable to Fault Injection Attacks in Command Authorization Checks of a TPM 2.0 Implementation

Abstract: Several fault attacks have been demonstrated against Trusted Platform Module (TPM) 2.0 implementations. However, the extent to which TPM operation, in particular the commands given to a TPM, ...
The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, ...
GitHub

Command Injection via Bash.run() LLM Tool Registration

The Bash class in MetaGPT is registered as an LLM-callable tool via @register_tool(include_functions=["run"]). This allows LLM agents to execute arbitrary bash commands without any meaningful security ...