AI Sec Watch

Laravel Livewire (a PHP framework for building interactive web applications) contains a code injection vulnerability (a flaw where attackers can insert malicious code into an application) that allows unauthenticated attackers to execute arbitrary commands on affected systems in certain situations. This vulnerability is currently being actively exploited by attackers in the wild.

Apple's operating systems (watchOS, iOS, iPadOS, macOS, visionOS, and tvOS) contain an improper locking vulnerability (a flaw that fails to properly control access to shared memory between processes), which allows a malicious application to make unexpected changes to memory that multiple programs use. This vulnerability is currently being exploited by attackers in real-world attacks.

A buffer overflow vulnerability (a programming error where data overflows its allocated memory space) affects multiple Apple products including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS. A malicious app could exploit this to crash the system or write malicious code directly into kernel memory (the core of the operating system). This vulnerability is actively being exploited by attackers in the wild.

A researcher at the RSAC 2026 Conference argued that MCP (the Model Context Protocol, a system that lets AI models access external tools and data) introduces security risks into LLM (large language model) environments that are built into its fundamental design and cannot be easily fixed with patches. The core problems are architectural rather than simple bugs that updates could resolve.

SQLBot, a data query system combining AI with RAG (retrieval-augmented generation, where an AI pulls in external documents to answer questions), has a critical vulnerability in versions 1.5.0 and below that chains three security gaps: missing permission checks on file uploads, unsanitized storage of user input, and inadequate protections when inserting data into the AI's instructions. An attacker can exploit this to trick the AI into running malicious database commands that give them control over the database server.

Discourse, an open-source discussion platform, has a cross-site scripting vulnerability (XSS, where attackers inject malicious code that runs in a user's browser) in versions before 2026.3.0-latest.1, 2026.2.1, and 2026.1.2. The vulnerability exists because the system trusts output directly from an AI language model and displays it without proper sanitization (cleaning) in the Review Queue interface, allowing attackers to use prompt injection (tricking the AI by hiding instructions in user input) to make the AI generate malicious code that executes when staff members review flagged posts.

CVE-2026-26137 is a server-side request forgery vulnerability (SSRF, a flaw where an attacker tricks a server into making unwanted network requests on their behalf) in Microsoft 365 Copilot's Business Chat that allows an authorized attacker to gain elevated privileges over a network. The vulnerability affects an exclusively hosted service and was published on March 19, 2026.

CVE-2026-26136 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting improper filtering of special characters) in Microsoft Copilot that allows an unauthorized attacker to access and disclose sensitive information over a network.

CVE-2026-24299 is a command injection vulnerability (a flaw where an attacker can insert malicious commands into an application by exploiting improper handling of special characters) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability has a CVSS 4.0 severity rating (a 0-10 scale measuring how serious a security flaw is). This is hosted exclusively as a service by Microsoft.