Vision-Language-Model | GRID THE GREY

LIVE THREATS

MEDIUM Python package 'llm-openai-via-codex 0.1a0' hijacks Codex CLI // CRITICAL LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure // HIGH Show HN: Browser Harness – Gives LLM freedom to complete any browser task // CRITICAL Paloalto's Zealot successfully attacks misconfigured cloud environments // HIGH Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign // HIGH Bad Memories Still Haunt AI Agents // CRITICAL ChatGPT's code runtime silently exfiltrates user data via malicious prompt // HIGH Claude's Mythos rival: Chinese Cybersecurity Firm claims finding 1000 vulnerabilities // CRITICAL Vertex AI agents can be weaponized to steal GCP service credentials // CRITICAL Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them? //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

ATLAS OWASP CRITICAL The Hacker News Apr 25, 2026 ▲ 9.2

LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure

A critical SSRF vulnerability in LMDeploy (CVE-2026-33626), an open-source LLM deployment toolkit, was actively exploited within 13 hours of public disclosure, with attackers using the vision-language …

AML.T0040 - ML Model Inference API Access AML.T0047 - ML-Enabled Product or Service AML.T0057 - LLM Data Leakage