NewsLangChain SSRF Bypass CVE-2026-26019Cybersecurity News·high signalSSRF bypass in LangChain Community RecursiveUrlLoader. Weak domain validation enables access to internal services. Fixed in 1.1.14.SourceSource pageCybersecurity News↳ Follow the threadStack layer / Threat patternGhostApproval: symlink flaw turns human-in-the-loop into a rubber stamp across 6 coding agentsCyber Security NewsPolicy dependency / Stack layerVercel Ships the Agent-Ops Layer: 'Eve' Framework for Natural-Language Agent Skills and 'Vercel Sandbox' to Fence In Data AccessThe AI InsiderPolicy dependency / Stack layerCodenotary ships AgentMon 3 for agent runtime policy and compliance loggingAI Agent StorePolicy dependency / Stack layerFirst Recon AI ships AI Security Runtime GA — inline policy enforcement on every agent-to-agent and agent-to-tool callBusiness WireStack layer / Update threadPattern: The Agent's Web Access Is Moving Inside the IDE as a Sandboxed, Allowlisted Browser9to5MacPolicy dependency / ContrastFT: OpenAI and Google Sold AI Services to Pentagon-Blacklisted Chinese Firms via Singapore UnitsFinancial Times (via Yahoo Finance)Stack layer / Update threadPattern: Agent Autonomy Defaults Are Flipping 'On' in Managed Enterprise CloudsReleasebotPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker News