AI Sec Watch

LibreChat (a ChatGPT alternative with extra features) versions 0.8.0 and below have a security flaw where JSON parsing errors aren't properly handled, causing user input to appear in error messages. This can expose HTML or JavaScript code in responses, creating an XSS risk (cross-site scripting, where attackers inject malicious code that runs in users' browsers).

LibreChat versions 0.8.0 and below have a vulnerability where JSON requests sent to modify prompts aren't properly checked for valid input, allowing users to change prompts in unintended ways through a PATCH endpoint (a request type that modifies existing data). The vulnerability occurs because the patchPromptGroup function passes user input directly without filtering out sensitive fields that shouldn't be modifiable.

LibreChat, a ChatGPT clone with extra features, has a vulnerability in versions 0.8.0 and below where an attacker can modify the iconURL parameter (a web address for an icon image) in chat posts. This malicious code gets saved and can be shared to other users, potentially exposing their private information through malicious trackers when they view the shared chat link. The vulnerability is caused by improper handling of HTML content (XSS, or cross-site scripting, where attackers inject malicious code into web pages).

M&M is a framework that improves secure two-party machine learning (where two parties compute on data without revealing it to each other) by using an efficient modulus conversion protocol (a technique that converts numbers between different mathematical domains used by different encryption methods). The framework integrates various cryptographic tools more efficiently, achieving 6–100 times faster approximated truncations (rounding operations) and 4–5 times faster communication and runtime for machine learning tasks.

This research addresses the problem that deepfake detection systems (AI trained to identify manipulated images created by generative models like GANs and diffusion models) often fail when encountering new or unfamiliar types of forgeries. The authors propose RSG-DA, a framework that improves detection by generating diverse fake samples and using a dual augmentation strategy (data transformation techniques applied in two different ways) to help the AI learn to recognize a wider range of forgery patterns, along with a lightweight module to make these learned patterns work better across different datasets.

Researchers demonstrated a new attack method called ASBA (APK-Specific Backdoor Attack) that can compromise Android malware detection systems by injecting poisoned training data. Unlike previous attacks that use the same trigger across many malware samples, ASBA uses a generative adversarial network (GAN, an AI technique that learns to create realistic fake data) to generate unique triggers for each malware sample, making it harder for security tools to detect and block multiple instances of malware at once.

GitHub's CodeQL multi-repository variant analysis (MRVA) lets you run security bug-finding queries across thousands of projects quickly, but it's built mainly for VS Code. A developer created mrva, a terminal-based alternative that runs on your machine and works with command-line tools, letting you download pre-built CodeQL databases (collections of code information), analyze them with queries, and display results in the terminal.

CVE-2025-67511 is a command injection vulnerability (a flaw where attackers can insert malicious commands into input) in Cybersecurity AI (CAI), an open-source framework for building AI agents that handle security tasks. Versions 0.5.9 and earlier are vulnerable because the run_ssh_command_with_credentials() function only escapes (protects) the password and command inputs, leaving the username, host, and port values open to attack.

Neuron is a PHP framework for creating AI agents that can perform tasks, and versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool component. The tool runs database commands without checking if they're safe, allowing attackers to use prompt injection (tricking the AI by hiding instructions in its input) to execute harmful SQL commands like deleting entire tables or changing permissions if the database user has broad access rights.