
Emerging Enterprise Security Risks of AI

Summary: Agentic AI adoption is accelerating rapidly as enterprise software and applications increasingly incorporate task-specific AI agents, enabling autonomous execution of complex tasks at machine speed. The autonomy and scale of AI agents introduce significant enterprise risk, as errors, misconfigurations, or malicious manipulation can propagate quickly across interconnected systems, amplifying the potential impact of incidents. Agentic AI will...

Elastic wins fifth Google Cloud Partner of the Year award

For the fifth time, Elastic has been recognized for its achievements in the Google Cloud ecosystem, helping joint customers deploy generative AI solutions in search, security, and observability.

This VPN Lets You Verify Your Business Privacy For $130

VP.NET makes VPN privacy verifiable, not just policy-based, with secure enclave tech for up to five devices. The post This VPN Lets You Verify Your Business Privacy For $130 appeared first on TechRepublic.

How to clone an AWS CloudHSM cluster across Regions

Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvements. You can use AWS CloudHSM to...

Flowise – Path Traversal in Vector Store basePath

The Faiss and SimpleStore (LlamaIndex) vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locations on the server filesystem. Joshua Martinelle Mon, 04/20/2026 - 11:04 ...

Flowise – Cypher Injection in GraphCypherQAChain

The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion. Joshua Martinelle Mon, 04/20/2026 - 11:01

Flowise – Missing Authentication on NVIDIA NIM Endpoints

The NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. Joshua Martinelle Mon, 04/20/2026 - 10:56

Flowise – PII Disclosure on Unauthenticated Forgot Password Endpoint

The /api/v1/account/forgot-password endpoint returns the full user object including PII (id, name, email, status, timestamps) in the response body instead of a generic success message. This exposes sensitive user information to unauthenticated attackers who only need to know a valid email address. Joshua Martinelle Mon, 04/20/2026 - 10:51 ...

20th April – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data linked to some customers. Exposed information included names, email addresses, phone numbers, physical addresses, and booking details, creating phishing risk, while the...

DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy

Key Points: The Gentlemen ransomware‑as‑a‑service (RaaS) program is rapidly gaining popularity, attracting numerous affiliates and publicly claiming over 320 victims, with the majority of attacks (240) occurring in the first months of 2026. The service provides a broad locker portfolio implemented in Go for Windows, Linux, NAS, and BSD, plus an additional locker written in C for ESXi, enabling coverage of the multiple platforms commonly found in corporate environments. During an incident...

Latest article

GreatXML zero-day BitLocker bypass doesn’t seem to work, yet

A disgruntled researcher who has been publishing zero-day Microsoft Windows vulnerabilities for the past several months released a new exploit...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact. The post New Windows Zero-Day Claims BitLocker...

Fancy Bear Hackers Abuse EdgeRouters and Cloud Services to Launch Stealthy Cyberattacks

One of the most persistent hacking groups in the world has found a new way to stay hidden. The threat actor known as...

Ransomware Payment Crypto Laundering Platform Taken Out by FBI and Europol

Domain of dark web money laundering platform AudiA6 seized and suspects arrested in joint operation by the FBI, Europol and others ...