Sysdig
-
PraisonAI flaw was probed within hours of public disclosure
PraisonAI was probed within hours of a disclosed authentication bypass, according to Sysdig. The flaw affects versions 2.5.6 through 4.6.33 and was patched in 4.6.34.
-
Critical Langflow RCE CVE-2026-33017 Exploited Within 20 Hours of Disclosure
A critical unauthenticated RCE in Langflow, CVE-2026-33017 (CVSS 9.3), was disclosed on March 17, 2026 and exploited within 20 hours. Users should apply patches, rotate secrets and restrict network access to public instances.
-
North Korea-linked actors exploit React2Shell flaw to deploy EtherRAT using Ethereum-based C2
Sysdig reported that actors tied to North Korea exploited a critical React Server Components flaw to deploy EtherRAT, a Node.js-based remote access trojan that resolves its C2 through Ethereum smart contracts and RPC consensus and uses multiple Linux persistence mechanisms.



