The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

Qwen3.5 family: Fireworks of new LLMs from Alibaba

Many Qwen LLMs are among the most popular models on Hugging Face (Fig. 1). Qwen is continuously developing the models: after the convincing Qwen3 release in April 2025, the provider introduced a new ...