All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Anthropic is hiring for a senior role to negotiate data center deals in Europe to support its AI expansion, as the company secures major infrastructure commitments like a $100+ billion spending plan with Amazon Web Services and capacity deals with Broadcom. The company is specifically targeting data center capacity in major European hubs (Frankfurt, London, Amsterdam, Paris, Dublin) and regions like the Nordics, where cheap energy makes AI infrastructure more affordable. This move reflects a broader industry trend, with Microsoft, OpenAI, and other AI companies also expanding their European data center operations.
Paperclip is a Node.js server (a JavaScript runtime that runs outside web browsers) with a React UI (a framework for building user interfaces) that manages multiple AI agents to automate business tasks. Before version 2026.416.0, an attacker without any login credentials could gain full remote code execution (the ability to run arbitrary commands on the target system) on any publicly accessible Paperclip instance using its default settings, simply by knowing the server's address and making six automated API calls (requests to the server's functions).
Paperclip is a Node.js server and React UI that manages multiple AI agents to run a business. Versions before 2026.416.0 have a privilege escalation vulnerability where an attacker with an agent API key (a credential that identifies an agent) can trick the system into running arbitrary OS commands (unauthorized instructions executed on the computer) on the Paperclip server by injecting malicious commands into a configuration field that the server later executes.
A vulnerability (CVE-2026-6874) was found in ericc-ch copilot-api version 0.7.0 and earlier that affects the /token file's Header Handler component. An attacker can manipulate the Host argument to exploit reliance on reverse DNS resolution (looking up a domain name from an IP address), potentially allowing remote access to systems where the attacker has login credentials.
OpenAI has released workspace agents (AI systems that can independently perform tasks) for users on Business, Enterprise, Edu, and Teachers plans within ChatGPT. These agents can handle business tasks like gathering product feedback and drafting emails, building on growing interest in autonomous AI agents across the industry.
DDEV, a local development tool, has a ZipSlip vulnerability (a path traversal flaw where attackers use special path names like '../' to escape the intended extraction directory) in its archive extraction functions. When DDEV extracts tar or zip archives from remote sources, it doesn't validate file paths, allowing attackers to write files anywhere on a developer's machine by crafting malicious archives.
A bug in uutils coreutils (a set of basic Unix utilities) causes the printenv tool to silently skip environment variables (settings that programs use) containing invalid UTF-8 byte sequences (non-standard character encodings), rather than displaying them. This allows attackers to hide malicious environment variables like LD_PRELOAD (which can inject libraries into programs) from administrators and security tools that rely on printenv to inspect the system.
Anthropic released Mythos Preview, an AI model designed to find and fix security vulnerabilities (weaknesses in software that attackers could exploit), and several US federal agencies are using it. However, CISA (the Cybersecurity and Infrastructure Security Agency, which is America's main government cybersecurity coordinator) reportedly does not have access to the tool, while other agencies like the Commerce Department and NSA do.
Google's Gemini AI can now generate summaries and transcripts not just for Google Meet video calls, but also for in-person meetings, Zoom calls, and Microsoft Teams meetings. The feature, which was previously only available to early testers on Android devices, now works for both scheduled and impromptu meetings, and can be transitioned to a video call if remote participants need to join.
Anthropic, the company behind Claude chatbot, has decided not to release its new AI model called Mythos to the public due to cybersecurity risks. The company is investigating a report that unauthorized people may have gained access to Mythos, raising concerns about whether tech companies can adequately protect their most powerful AI systems from being misused.
OpenAI introduced ChatGPT for Clinicians, a free AI tool designed to help doctors, nurse practitioners, and pharmacists with clinical tasks like documentation, medical research, and patient care consultation. The tool includes advanced AI models, trusted medical search powered by peer-reviewed sources, and optional HIPAA compliance (a federal privacy law for healthcare data) support, with conversations kept private and not used to train the AI.
The engram HTTP server (a local application running on your computer) had a critical security flaw where it allowed any website you visited to steal your private knowledge graph data and inject persistent malicious instructions into your AI coding assistant. This happened because the server had no password protection by default and accepted requests from any website origin (CORS, or cross-origin resource sharing, which controls what websites can talk to your local applications).
InstructLab has a security flaw in its `linux_train.py` script that automatically trusts code from external model sources without verification (trust_remote_code=True). An attacker could trick users into downloading a malicious model from HuggingFace (a popular AI model repository) and running training commands, allowing the attacker to execute arbitrary Python code and take over the entire system.
Fix: Update to version 2026.416.0, which patches the vulnerability.
NVD/CVE DatabaseFix: @paperclipai/server version 2026.416.0 fixes the issue.
NVD/CVE DatabaseClaude Mythos, an AI model from Anthropic, discovered 271 vulnerabilities in Firefox 148, more than ten times what previous AI tools found, demonstrating AI's growing ability to uncover security bugs at scale. All 271 flaws were fixed in Firefox 150's release. While the AI isn't finding entirely new types of bugs, it's closing gaps in vulnerability detection that fuzzing (automated testing that uncovers bugs in source code) and human teams had previously missed, potentially shifting the balance in favor of defenders.
Fix: All 271 vulnerabilities discovered in Firefox 148 have been fixed in Firefox 150.
CSO OnlineOpenAI is running a bug bounty program called the Bio Bug Bounty for GPT-5.5, inviting security researchers to find universal jailbreaks (methods to bypass safety restrictions with a single prompt) that can defeat five biology safety questions. The program offers $25,000 for the first successful universal jailbreak and smaller awards for partial results, with applications open from April 23 to June 22, 2026 and testing running through July 27, 2026.
Marimo has a pre-authorization remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) that allows unauthenticated attackers to gain shell access and execute arbitrary commands without needing to log in first. This vulnerability is actively being exploited in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited VulnerabilitiesIBM CEO Arvind Krishna stated that geopolitical uncertainty, particularly the Iran conflict, is causing the company to provide cautious financial guidance despite beating first-quarter earnings expectations. He also expressed concerns about potential economic slowdowns affecting consumer spending and European growth, though he noted IBM's Middle East business performed well. Additionally, Krishna discussed how new AI models like Anthropic's Mythos, which can find security vulnerabilities at unprecedented speed, will likely be replicated by competitors and pose significant cybersecurity concerns that have caught the attention of U.S. government officials.
Researchers have developed a fingerprint-based watermarking technique to protect and track natural language processing models (AI systems trained to understand and generate text) that operate as black boxes (systems where users cannot see how internal decisions are made). This method allows owners to prove they created a model and trace where it has been used or copied without permission.
AI models can now autonomously discover vulnerabilities and create working exploits, which compresses the time between when a weakness is found and when it's attacked. However, the same AI capabilities that help attackers can also help defenders by accelerating vulnerability discovery and reducing response time. Microsoft is partnering with AI model providers and using tools like advanced models to identify security issues faster and deploy fixes through their existing update processes.
Fix: Microsoft states it will incorporate advanced AI models directly into its Security Development Lifecycle (SDL) to identify vulnerabilities and develop mitigations and updates. Mitigations are handled through the Microsoft Security Response Center (MSRC) processes, including Update Tuesday (the regular monthly security update distribution) and out-of-band updates when needed. For customers using Microsoft PaaS and SaaS cloud services, mitigations and updates are applied automatically. For customers deploying on their own infrastructure, staying current on all security updates is described as a fundamental requirement. Microsoft will also deploy detections to Microsoft Defender when updates are released and share details through the Microsoft Active Protections Program (MAPP) to help partners mitigate risk.
Microsoft Security BlogFix: Upgrade to `engramx@2.0.2` or later. This version applies the following fixes: (1) requires authentication (Bearer token or HttpOnly cookie) on all non-public routes, (2) removes the wildcard CORS policy entirely and requires explicit opt-in via `ENGRAM_ALLOWED_ORIGINS`, (3) validates the Host and Origin headers to prevent DNS rebinding attacks, (4) enforces `Content-Type: application/json` on data modifications to block CSRF vectors, and (5) protects the UI bootstrap with `Sec-Fetch-Site` validation to prevent cross-origin probing.
GitHub Advisory DatabaseMeta is installing a tool called Model Capability Initiative (MCI) on US employees' computers that records their activity, including mouse movements, clicks, keystrokes, and screenshots from work apps and websites. This recorded data will be used to train Meta's AI agents to perform computer tasks more like humans do, though Meta states the data won't be used to evaluate employee job performance.