- Critical unauthenticated RCE vulnerability in Langflow
83.142.209.214Command and control server for malware beaconing
Threat actors continue to exploit critical vulnerabilities across multiple attack surfaces, from AI infrastructure to supply chain dependencies. Today's threat landscape reveals active campaigns targeting exposed endpoints, AI safety mechanisms, enterprise infrastructure, and open-source repositories, underscoring the persistent risks facing organizations across diverse technology stacks.
Threat actors are actively exploiting a critical remote code execution vulnerability in Langflow to deliver cryptocurrency mining malware to exposed AI application endpoints. The attacks leverage CVE-2026-33017, an unauthenticated RCE flaw with a CVSS score of 9.3, allowing attackers to execute arbitrary code without authentication. The campaign demonstrates a deliberate scanning and targeting strategy focused on identifying exposed Langflow instances in production environments. Source: Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Organizations running Langflow should immediately verify their patch status and assess whether instances are exposed to untrusted networks. The deployment of Monero miners indicates attackers are monetizing compromised infrastructure, making this vulnerability particularly attractive for criminal operations seeking to establish persistent computational access.
A novel prompt injection attack designated "BioShocking" has emerged that exploits the trust mechanisms in AI-powered browsers to bypass safety guardrails. The attack works by framing malicious requests as fictional scenarios, causing AI browsers to treat dangerous actions as harmless roleplay rather than genuine threats. This technique represents a significant evolution in prompt injection attacks, targeting the foundational safety assumptions that AI systems rely upon. Source: New BioShocking attack manipulates AI browser into data theft
The BioShocking attack highlights the vulnerability of AI systems to social engineering at the prompt level, where attackers can manipulate context and framing to achieve data exfiltration and other harmful outcomes. Organizations deploying AI-powered browsing tools should evaluate the robustness of their safety mechanisms against context-aware manipulation techniques.
Citrix has released patches addressing six NetScaler vulnerabilities, with particular attention focused on a high-severity flaw that mirrors the characteristics of previously exploited CitrixBleed vulnerabilities. The bulletin addresses CVE-2026-8451 and CVE-2026-3055, with the former drawing direct parallels to memory disclosure risks that have been actively exploited in the wild. Source: Citrix patches a new NetScaler flaw with echoes of CitrixBleed
The similarity between this new flaw and earlier CitrixBleed variants suggests threat actors may adapt existing exploitation techniques to target the newly discovered vulnerability. Organizations operating NetScaler infrastructure should prioritize patching efforts and monitor for exploitation attempts targeting these newly disclosed issues.
A sustained campaign active since November has been distributing trojanized Pyrogram forks through the Python Package Index to compromise Telegram bot infrastructure. The malicious packages, including kelragram, pyrogram-kelra, pyrogram-navy, pyrogram-styled, pyrogram-zeeb, sepgram, VLife-Gram, and VLifeGram, contain backdoors that allow attackers to read arbitrary files on compromised servers. The campaign specifically targets Python developers building Telegram bots, leveraging the trust developers place in open-source dependencies. Source: Malicious PyPI packages give hackers control of Telegram bot servers
This supply chain attack demonstrates the ongoing risk of dependency poisoning in open-source ecosystems. Developers should audit their project dependencies against the identified malicious packages and implement dependency scanning tools to detect similar threats. The eight-month duration of this campaign before public disclosure indicates that trojanized packages can remain undetected for extended periods, potentially affecting numerous projects in production environments.
The convergence of attacks across AI infrastructure, AI safety mechanisms, enterprise platforms, and supply chain dependencies reflects a sophisticated threat landscape where attackers systematically target multiple vectors simultaneously. Organizations must adopt a defense-in-depth strategy that includes vulnerability management, supply chain security, AI safety evaluation, and continuous monitoring to effectively counter these evolving threats.
Source articles and extracted indicators (defanged where appropriate).
83.142.209.214hxxps://pypi[.]org/project/VLife-Gram/hxxps://pypi[.]org/project/pyrogram-navy/hxxps://pypi[.]org/project/pyrogram-styled/hxxps://pypi[.]org/project/kelragram/hxxps://pypi[.]org/project/sepgram/hxxps://pypi[.]org/project/pyrogram-kelra/hxxps://pypi[.]org/project/pyrogram-zeeb/hxxps://pypi[.]org/project/VLifeGram/