Press

Threat intelligence, security advisories, company announcements, and media updates from the Helixar team.

Subscribe via RSS

Latest

60 articles

Threat IntelligenceJuly 2026·6 min read

AI Threat Brief: Automated Threats and Agentic Defenses

This week's analysis covers the rise of automated attack frameworks and the parallel need for agentic security tools to manage cloud sprawl and AI-native vulnerabilities.

This week's brief explores the dual role of automation in security. We examine The Gentlemen ransomware's affiliate model, new vulnerabilities in AI coding assistants, and insights from the Verizon DBIR on AI-accelerated attacks. We also cover defensive automation strategies.

Threat IntelligenceAI Threat BriefRansomwareCloud SecurityAI SecurityAutomation
Read article
Threat IntelligenceJune 2026·4 min read

pnpm Path Traversal Flaw Poses Risk to Automated Systems

A vulnerability in the pnpm package manager could allow arbitrary file deletion, creating a significant threat vector for AI agents and automated development environments.

A high-severity path traversal vulnerability (GHSA-72r4-9c5j-mj57) in pnpm's patch-remove command allows for arbitrary file deletion. This poses a unique risk to AI-powered developer tools and autonomous agents that manage their own software dependencies, turning a trusted tool into a potential attack vector.

Threat IntelligencepnpmSupply ChainAgentic Security
Read article
Threat IntelligenceJune 2026·6 min read

Claude Code Flaw Exposed Responses, Posing Risk to Agentic Systems

A classic temporary file vulnerability in an AI coding assistant highlights the risks of integrating generative AI tools into privileged developer and automated workflows.

A high-severity vulnerability (CVE-2026-46406) in Anthropic's Claude Code tool allowed local attackers to read user responses or write to arbitrary files. The flaw, rooted in insecure temporary file handling, underscores how conventional bugs in AI tooling create significant risks for automated agentic systems that handle sensitive data.

Threat IntelligenceAI SecurityVulnerability AnalysisAgentic SystemsCVE-2026-46406
Read article
Threat IntelligenceJune 2026·6 min read

Langflow IDOR Flaw Exposes Agentic Workflows to Hijacking

A critical access control vulnerability in the popular LLM application framework allowed authenticated users to execute any workflow, creating significant risk for multi-tenant AI deployments.

A high-severity Insecure Direct Object Reference (IDOR) vulnerability, CVE-2026-55255, has been patched in Langflow. The flaw allowed any authenticated user to execute flows belonging to other users, potentially leading to data exfiltration, resource abuse, and unauthorized actions by hijacked AI agents.

Threat IntelligenceAI SecurityCVE-2026-55255LangflowAgentic Systems
Read article

More articles forthcoming. Helixar research is published as findings are validated.