SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

US CISA adds ‘insane’ Linux Copy Fail flaw to watch list

Malicious actors with code execution capability may gain root access on Linux systems using as few as 10 lines of Python, according to a researcher.
CSOonline

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass affects internal‑mode deployments common in enterprise setups. Two critical ...
Bleeping Computer

WhatsApp for Windows lets Python, PHP scripts execute with no warning

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be ...
Computer Weekly

BlueRock open sources MCP Python Hooks

The company has this month announced the open source release of BlueRock MCP Python Hooks, a lightweight (software using ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...