All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A vulnerability (CVE-2026-6597) was found in langflow-ai langflow version 1.8.3 and earlier, where a function called remove_api_keys/has_api_terms fails to properly protect stored credentials (API keys and authentication information), allowing attackers to access them remotely. The vendor was notified but did not respond, and the exploit details have been publicly released.
A security vulnerability (CVE-2026-6596) was found in Langflow (an AI tool) version 1.1.0 and earlier, affecting a file upload function in the API. The flaw allows unrestricted file uploads (meaning attackers can upload any type of file without proper checks), and it can be exploited remotely without requiring authentication or user interaction.
Claude Opus 4.7 introduced an updated tokenizer (a system that breaks text into smaller units for processing) that changes how text is converted into tokens, causing the same input to require 1.0 to 1.35× more tokens depending on content type. While Opus 4.7 maintains the same pricing as Opus 4.6 ($5 per million input tokens and $25 per million output tokens), this token inflation means users can expect roughly 40% higher costs, though the impact varies by content type (minimal for PDFs at 1.08×, identical for lower-resolution images, but 3× higher for high-resolution images).
Hyatt has deployed ChatGPT Enterprise, which gives its employees access to advanced AI capabilities like GPT 5.4 and Codex (a tool for code generation) across departments such as finance, marketing, and operations. The company is using this technology to automate manual tasks and help teams focus on delivering better customer service. Hyatt worked with OpenAI to provide training sessions so employees could quickly learn how to use AI in their daily work.
AI agents (software programs that can perform tasks automatically) are being promoted as the next major breakthrough, but companies are discovering they are unreliable and expensive to operate. The main problems include wasting tokens (units of text that AI processes, which cost money), high inference costs (the expense of running AI models), and system complexity that makes it difficult to manage multiple agents working together without burning through budgets instead of saving money.
Anthropic released Claude Opus 4.7 in April 2026 with notable updates to its system prompt (the hidden instructions that guide how an AI behaves), including expanded child safety rules, new tools like Claude in PowerPoint and Chrome browsing agents, and changes to make the model less verbose and more action-oriented. The update shows Anthropic shifting Claude toward trying to solve ambiguous requests using available tools rather than asking users for clarification first.
In April, a 20-year-old man attacked OpenAI CEO Sam Altman's home by throwing a Molotov cocktail (a homemade incendiary weapon) and was arrested shortly after while allegedly trying to enter OpenAI's headquarters with kerosene and a lighter. The suspect faces serious charges including attempted arson and attempted murder, and authorities report he carried an anti-AI manifesto, though his parents stated he was experiencing a mental health crisis.
A researcher converted Anthropic's published Claude system prompts (the hidden instructions that guide Claude's behavior) from a single markdown document into a git repository (a version control system that tracks file changes over time) with timestamped commits, allowing easier exploration of how the prompts have evolved across different Claude model versions using standard git tools like `log` and `diff`.
Dagster had a SQL injection vulnerability (a security flaw where attackers can insert malicious SQL commands into database queries) in its database I/O managers (tools that read and write data to databases like DuckDB, Snowflake, and BigQuery). Users with permission to add dynamic partitions (flexible data groupings) could create partition keys that contained SQL commands, which would then execute against the database with the I/O manager's credentials, potentially allowing unauthorized data access or modification.
Cisco Catalyst SD-WAN Manager has a vulnerability that lets remote attackers view sensitive information they shouldn't have access to. This flaw is currently being actively exploited by attackers in real-world situations. Organizations using this product need to take immediate action to assess their exposure and reduce risk.
Fix: According to CISA, follow guidelines in Emergency Directive 26-03 and the 'Hunt & Hardening Guidance for Cisco SD-WAN Devices' to assess exposure and mitigate risks. Additionally, follow applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. The deadline for action is April 23, 2026.
CISA Known Exploited Vulnerabilities
JetBrains TeamCity has a relative path traversal vulnerability (a flaw where an attacker can access files outside their intended directory by using paths like '../../../') that could let someone perform limited admin actions without proper permission. This vulnerability is actively being exploited by attackers in real-world attacks.
Fix: Apply mitigations per JetBrains vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See https://www.jetbrains.com/privacy-security/issues-fixed/ for vendor-specific details.
CISA Known Exploited Vulnerabilities
Cisco Catalyst SD-WAN Manager has a vulnerability where improper handling of files on its API interface allows attackers to upload malicious files and overwrite arbitrary files on the system, potentially gaining vmanage (virtual management) user privileges. This vulnerability is currently being actively exploited in the wild. The issue stems from incorrect use of privileged APIs (special functions that have elevated permissions to perform sensitive operations).
Fix: According to CISA, organizations should adhere to CISA Emergency Directive 26-03 to assess exposure and mitigate risks on Cisco SD-WAN devices, follow CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices, and apply applicable BOD 22-01 guidance for cloud services. If mitigations are not available, discontinue use of the product. The due date for completing these actions is 2026-04-23.
CISA Known Exploited Vulnerabilities
Cisco Catalyst SD-WAN Manager has a vulnerability where passwords are stored in a recoverable format (meaning they can be decoded or extracted), allowing an authenticated, local attacker with low-level access to read a credential file and gain higher privileges. This vulnerability is currently being exploited by attackers in the real world.
Fix: According to CISA, organizations should adhere to CISA Emergency Directive 26-03 and CISA's Hunt & Hardening Guidance for Cisco SD-WAN Devices to assess exposure and mitigate risks. Organizations must also follow BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. The due date for remediation is April 23, 2026.
CISA Known Exploited Vulnerabilities
PaperCut NG/MF has an improper authentication vulnerability that allows remote attackers to bypass authentication (skipping the normal login process) through a flaw in the SecurityRequestFilter class. This vulnerability is actively being exploited by attackers in the real world.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Quest KACE Systems Management Appliance (SMA) has a flaw in how it checks user identity that lets attackers pretend to be real users without needing the correct password. This vulnerability is currently being exploited by real attackers in the wild.
Fix: Apply mitigations per vendor instructions from https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Kentico Xperience has a path traversal vulnerability (a flaw that lets attackers access files outside their intended directory) that allows an authenticated user's Staging Sync Server (a component that syncs data between environments) to upload files to unintended locations. This vulnerability is actively being exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Check https://devnet.kentico.com/download/hotfixes for vendor hotfixes.
CISA Known Exploited Vulnerabilities
Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability (XSS, a flaw where attackers inject malicious code that runs in a user's browser). An attacker could use this to execute arbitrary JavaScript within a user's session, potentially stealing sensitive information or gaining unauthorized access.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See vendor security advisories at https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories for specific patches and updates.
CISA Known Exploited Vulnerabilities
This is a research survey published in ACM Computing Surveys that examines the limitations and problems of large language models (LLMs, which are AI systems trained on massive amounts of text data to generate human-like responses). The survey takes a data-driven approach to understand how LLM research has evolved as scientists discover and study these systems' weaknesses and constraints.
This is a systematic literature review, a type of research paper that surveys and analyzes existing studies on differential privacy (a mathematical technique that adds carefully measured noise to data to protect individual privacy) in machine learning. The review examines how researchers are applying differential privacy to train AI models while keeping personal information safe from being extracted or misused.
This academic survey paper categorizes and describes different privacy concerns and system designs in collaborative deep learning (machine learning where multiple parties train models together while keeping their data private). The paper creates a taxonomy, which is a systematic classification scheme, to help organize the various approaches and challenges in this field.
Fix: Update to the patched versions of Dagster. The fix ensures that partition key values are properly escaped before inclusion in SQL queries across all affected I/O managers. No configuration changes or workarounds are required alongside the update; only the Dagster code version needs to be updated. If unable to apply the update, manual workarounds are described in the referenced gist (https://gist.github.com/gibsondan/6d0c483f8499a8b1cd460cddc9fd8f72).
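As an added illustration of the Dagster bug class described above (example code written for this page, not Dagster's own I/O manager): a hypothetical partition-load step that interpolates a dynamic partition key straight into SQL, beside the hardened form that binds the key as a parameter. sqlite3 stands in for the DuckDB/Snowflake/BigQuery backends named in the advisory, and the table, rows and partition keys are constructed.

```python
import sqlite3


def make_db():
    # Constructed asset table; "region" plays the role of the partition column.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (region TEXT, amount INTEGER)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("eu", 10), ("us", 20), ("apac", 30)],
    )
    return conn


def load_partition_vulnerable(conn, partition_key):
    # Pre-fix pattern: the partition key becomes part of the SQL text, so a key
    # that carries a quote rewrites the WHERE clause and runs with the I/O
    # manager's database credentials.
    sql = f"SELECT region, amount FROM orders WHERE region = '{partition_key}'"
    return conn.execute(sql).fetchall()


def load_partition_fixed(conn, partition_key):
    # Hardened pattern: the driver binds the key as data, never as SQL, which is
    # the effect the advisory's escaping fix is meant to guarantee.
    sql = "SELECT region, amount FROM orders WHERE region = ?"
    return conn.execute(sql, (partition_key,)).fetchall()


def demo():
    # Constructed dynamic partition key containing SQL, of the kind a user with
    # add-dynamic-partition permission could register. The vulnerable loader
    # returns every region; the fixed loader matches no row, because no region
    # literally equals the hostile string.
    hostile_key = "eu' OR '1'='1"
    conn = make_db()
    leaked_rows = load_partition_vulnerable(conn, hostile_key)
    safe_rows = load_partition_fixed(conn, hostile_key)
    return len(leaked_rows), len(safe_rows)


if __name__ == "__main__":
    print(demo())  # (3, 0)
```

A quick way to confirm a backend is affected is to register a partition key containing a single quote in a test environment and check whether the loader's query still targets only that partition.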
GitHub Advisory Database