The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
SecurityWeek

Critical Langflow Vulnerability Exploited Hours After Public Disclosure

Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
InfoWorld

OpenAI buys non-AI coding startup to help its AI to program

OpenAI on Thursday announced the acquisition of Astral, the developer of open source Python tools that include uv, Ruff and ty. It says that it plans to integrate them with Codex, its AI coding agent ...