aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI Sec Watch

The security intelligence platform for AI teams

AI security threats move fast and get buried under hype and noise. Built by an Information Systems Security researcher to help security teams and developers stay ahead of vulnerabilities, privacy incidents, safety research, and policy developments.

Independent research. No sponsors, no paywalls, no conflicts of interest.

Total tracked: 3,710
Last 24 hours: 1
Last 7 days: 1

Daily Briefing, Saturday, May 16, 2026

No new AI/LLM security issues were identified today.

Latest Intel

01

GHSA-4ggg-h7ph-26qr: n8n-mcp has authenticated SSRF via instance-URL header in multi-tenant HTTP mode

security
Apr 8, 2026

n8n-mcp versions 2.47.3 and earlier have an authenticated SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making requests to unintended locations) in multi-tenant HTTP mode. An attacker with a valid authentication token can make the server fetch arbitrary URLs and read the responses, potentially exposing cloud credentials (like AWS IMDS), internal network services, and other sensitive data the server can access.

Fix: Upgrade to n8n-mcp 2.47.4 or later (no configuration changes required). If you cannot upgrade immediately, the source explicitly mentions three workarounds: (1) use egress filtering to block outbound traffic from the n8n-mcp container to private IP ranges (RFC1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and link-local 169.254.0.0/16; (2) disable multi-tenant headers by unsetting ENABLE_MULTI_TENANT and not accepting x-n8n-url / x-n8n-key headers at the reverse proxy if per-request instance switching is not needed; (3) restrict AUTH_TOKEN distribution to fully trusted operators only until you can upgrade.

GitHub Advisory Database
02

CVE-2026-34724: Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vul

security
Apr 8, 2026

Zammad, a web-based customer support system, had a server-side template injection vulnerability (a flaw where attackers can inject malicious code into templates that the server processes) in versions before 7.0.1 that could lead to RCE (remote code execution, where an attacker can run commands on a system they don't own). The vulnerability only affects systems where an attacker has administrative access to control the type_enrichment_data configuration setting.

Fix: This vulnerability is fixed in version 7.0.1. Users should upgrade to Zammad 7.0.1 or later.

NVD/CVE Database
03

GHSA-hfvc-g4fc-pqhx: opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

security
Apr 8, 2026

OpenTelemetry's Go SDK has a PATH hijacking vulnerability (PATH hijacking is when an attacker puts a malicious program in a directory that the system searches for commands, so their fake program runs instead of the real one) on BSD and Solaris systems because the `kenv` command is called by its name alone instead of its full path. An attacker with local access can place a malicious `kenv` binary in the system's PATH, which will execute with the application's permissions when OpenTelemetry initializes.

Fix: Use the absolute path `/bin/kenv` instead of the bare command name. Change line 42 in `sdk/resource/host_id.go` from `r.execCommand("kenv", "-q", "smbios.system.uuid")` to `r.execCommand("/bin/kenv", "-q", "smbios.system.uuid")`.

GitHub Advisory Database
04

GHSA-w8rr-5gcm-pp58: opentelemetry-go: OTLP HTTP exporters read unbounded HTTP response bodies

security
Apr 8, 2026

OpenTelemetry Go's OTLP HTTP exporters (tools that send trace, metric, and log data over HTTP) read entire HTTP response bodies into memory without limiting their size, which allows an attacker controlling the collector endpoint to crash the application by sending extremely large responses. This vulnerability affects three exporter components: otlptrace, otlpmetric, and otlplog.

Fix: Fixed in PR #8108 (https://github.com/open-telemetry/opentelemetry-go/pull/8108).

GitHub Advisory Database
05

GHSA-qf73-2hrx-xprp: PraisonAI has sandbox escape via exception frame traversal in `execute_code` (subprocess mode)

security
Apr 8, 2026

PraisonAI's `execute_code()` function has a critical sandbox escape vulnerability in its subprocess mode. The subprocess uses a blocklist of only 11 forbidden attributes, missing four key attributes (`__traceback__`, `tb_frame`, `f_back`, `f_builtins`) that attackers can chain together through exception handling to access the real Python builtins and execute arbitrary code, completely bypassing the sandbox.

GitHub Advisory Database
06

ReSLC: Defending backdoor attacks on intelligent vulnerability detection via redundant semantic LLM compression

security, research
Apr 8, 2026

This research paper describes a method called ReSLC that protects AI systems used to find software bugs from backdoor attacks, where attackers secretly embed malicious instructions into the AI's training process. The approach uses redundant semantic LLM compression (a technique that removes unnecessary information from large language models while keeping their core abilities) to make these hidden attacks harder to carry out. The work was published in July 2026 in the Journal of Information Security and Applications.

Elsevier Security Journals
07

Deep learning-based sequential detection of attacks on low-latency network services

research, security
Apr 8, 2026

This research paper presents a hybrid deep learning method using autoencoders (neural networks that learn to compress and reconstruct data) and transformers (AI models that process sequences of information) to detect a new type of attack called unresponsive ECN attacks on low-latency network services (systems designed to minimize delay in data transmission). The proposed method achieves over 90% accuracy in detecting these attacks while keeping false alarms below 0.01%, outperforming existing detection approaches by more than 10%.

Elsevier Security Journals
08

How botnet-driven DDoS attacks evolved in 2H 2025

security
Apr 8, 2026

In the second half of 2025, DDoS attacks (distributed denial-of-service, where attackers flood a target with traffic to shut it down) became more powerful and easier to launch due to three major changes: IoT botnets (networks of hacked internet-connected devices like routers) reached attack capacities of 30 terabits per second, AI and dark-web LLMs (large language models, AI systems trained on text data) made sophisticated attacks accessible to less-skilled attackers through simple conversational prompts, and DDoS-for-hire services became more widely available. Critical infrastructure like DNS servers (systems that translate website names into IP addresses) and government and finance sectors faced sustained pressure from groups coordinating attacks across multiple countries.

CSO Online
09

Meta debuts new AI model, attempting to catch Google, OpenAI after spending billions

industry
Apr 8, 2026

Meta has released Muse Spark, a new AI model designed to be small and efficient while still capable of reasoning through complex questions in science, math, and health. The model represents Meta's attempt to compete in the AI market dominated by OpenAI, Google, and Anthropic, and will be integrated into Meta's apps like Facebook, Instagram, and WhatsApp, with plans to offer API (application programming interface, a way for developers to access software features) access to external developers.

CNBC Technology
10

Meta is reentering the AI race with a new model called Muse Spark

industry
Apr 8, 2026

Meta has launched a new AI model called Muse Spark, designed specifically to work with Meta's products like WhatsApp, Instagram, Facebook, and Messenger. The model is now available in the Meta AI app and website in the US, with plans to expand to other countries and Meta's smart glasses in the coming weeks.

The Verge (AI)