All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
OpenTelemetry.Exporter.Jaeger has a memory exhaustion vulnerability where internal pooled lists (reusable memory structures) can grow too large based on big payloads and stay oversized for future use, potentially causing denial of service (making a system unavailable). However, the developers have no plans to fix this because the Jaeger exporter was deprecated in 2023.
Fix: Prefer maintained exporters (for example the OpenTelemetry Protocol (OTLP) exporter) instead of the Jaeger exporter.
GitHub Advisory Database
Flowise versions up to 3.0.13 have a remote code execution vulnerability in the Airtable Agent node where user input is sent to an LLM (large language model, an AI that generates text) to generate Python code, which is then executed without proper sandboxing. An attacker can craft malicious prompts that trick the LLM into generating code containing dangerous commands (like imports or system operations) that bypass the validation checks, allowing them to run arbitrary code on the server without needing to log in.
OpenAI experienced multiple executive departures, including the leaders of its video generation product (Sora) and its scientific research division. The company is reorganizing its science team to work more closely with product and infrastructure groups, while also dealing with medical leaves and transitions among other senior leaders.
Cerebras, a company that makes specialized chips for running AI models, filed to go public on Nasdaq after previously canceling IPO plans in 2024. The company reported strong financial growth in 2025 with $510 million in revenue (up 76% from 2024) and has major deals with OpenAI (worth over $20 billion for computing power through 2028) and Amazon, positioning itself as an alternative to Nvidia's GPUs (graphics processing units, specialized processors commonly used for AI tasks) by claiming faster speeds and lower costs.
OpenTelemetry eBPF Instrumentation (OBI) has a vulnerability where a local attacker controlling a Java process can overwrite arbitrary host files when Java injection is enabled and OBI runs with elevated privileges (special system permissions). The flaw occurs because the injector trusts an environment variable called TMPDIR from the target process without proper validation, and uses unsafe file creation methods that allow symlink attacks (where an attacker creates a link pointing to a different file to trick the system into overwriting it).
Claude Code on Windows had a security flaw where it loaded configuration files from a shared system directory without checking who owned that directory or had permission to change it. Since regular users could write to this directory by default, an attacker could create a malicious configuration file that would run with elevated privileges when another user launched Claude Code, allowing a local privilege escalation (unauthorized access to higher-level permissions).
QQBot media tags in the openclaw package could read arbitrary local files through reply text by referencing host-local paths outside the intended media storage boundary, allowing attackers to disclose local files through outbound media handling. This vulnerability affected openclaw versions before 2026.4.10.
FastGPT, an AI Agent building platform, has a vulnerability in its password change feature in versions before 4.14.9.5 where attackers can use NoSQL injection (inserting MongoDB operators into input fields to manipulate database queries) to bypass password verification and take over accounts without knowing the current password.
FastGPT, an AI Agent building platform, has a NoSQL injection vulnerability (a type of attack where an attacker tricks the database query by inserting special commands) in its login system before version 4.14.9.5. The vulnerability allows unauthenticated attackers to bypass password checks and log in as any user, including administrators, by sending database operators instead of a real password.
OpenClaw missed blocking dangerous environment variables (like VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES) that could be set by users to change how programs start up or behave on the network. This security gap affected OpenClaw versions before 2026.4.10.
Flowise has a text-to-speech endpoint that doesn't require authentication but accepts a credential ID (an identifier for stored API keys like OpenAI or ElevenLabs) directly from user input. An attacker can use this to access someone else's stored API credentials and generate speech using the victim's API account, burning their API credits without permission.
Flowise version 3.0.13 has a security flaw where public chatflow endpoints return unsanitized data (raw information without filtering) that includes plaintext API keys, passwords, and credential IDs (unique references to stored login credentials). This happens because the code returns the complete chatflow object without removing sensitive fields, potentially exposing users' third-party account credentials and internal system architecture.
OpenAI abandoned its Sora video generation tool and Bill Peebles, the leader of the Sora team, is leaving the company. OpenAI is refocusing its priorities away from what it calls "side quests" to concentrate on coding and enterprise products instead.
Tinder is partnering with World, a company co-founded by OpenAI CEO Sam Altman, to let users verify their identity using facial scanning orbs (physical devices that take pictures of faces and eyes to confirm someone is a real person, not a bot or AI agent). Users who complete this verification in select markets like Japan and the United States will receive five free boosts in the app.
AI companies may be overestimating demand by measuring success through token consumption (the basic units of AI usage, like words and characters), rather than actual business value or return on investment. Anthropic is adjusting its pricing model away from flat monthly fees toward per-token billing and has discontinued third-party tools that were consuming excessive tokens without generating meaningful results, positioning itself better if AI demand projections prove inflated.
The White House is planning a meeting between its Chief of Staff and Anthropic's CEO to discuss Anthropic's new AI technology and concerns about the security of software built with advanced AI models. This reflects ongoing government engagement with major AI labs about how their systems work and potential risks.
Anthropic, an AI company, met with White House officials after releasing Claude Mythos, an AI tool that can find bugs in old code and autonomously exploit them for security testing. The meeting signals potential collaboration between the government and Anthropic despite previous tensions, as officials discussed balancing innovation with safety concerns around this powerful technology.
Researchers have developed BioGuard, a defense method that protects biometric classifiers (AI systems that identify people using fingerprints, faces, or iris scans) against model extraction attacks (where attackers try to steal or copy the AI model by repeatedly querying it). The method works without needing malicious sample data to train it, making it practical for real-world deployment.
A researcher discovered that Claude Opus 4.7 can be tricked using an adversarial image (a specially crafted image designed to fool AI systems) generated by ChatGPT to misuse the memory tool and store false information for future conversations. While Claude Opus 4.6+ is harder to attack than earlier versions because it reasons through requests before acting, it remains vulnerable to this type of indirect prompt injection (embedding hidden malicious instructions in images rather than text).
Fix: Upgrade OBI to v0.8.0 (https://github.com/open-telemetry/opentelemetry-ebpf-instrumentation/releases/tag/v0.8.0).
GitHub Advisory Database
Fix: Users on standard Claude Code auto-update have already received this fix. Users performing manual updates are advised to update to the latest version.
GitHub Advisory Database
Fix: Upgrade to openclaw version 2026.4.10 or newer. The latest npm release, 2026.4.14, already includes the fix. The fix enforces the media storage boundary for all outbound QQBot local file paths, which was implemented in PR #63271.
GitHub Advisory Database
Fix: Update FastGPT to version 4.14.9.5 or later, where this issue has been fixed.
NVD/CVE Database
Fix: This issue has been fixed in version 4.14.9.5. Users should upgrade to this version or later.
NVD/CVE Database
Fix: Users should upgrade to openclaw version 2026.4.10 or newer. The latest npm release, openclaw@2026.4.14, already includes the fix, which expands the denylist (a list of blocked items) in the execution environment security policy to cover these high-risk environment variables.
GitHub Advisory Database
Fix: Remove the TTS endpoint from the whitelist (the list of endpoints that don't need login), or add a check to ensure the credential ID matches the chatflow's TTS configuration. The source suggests `if (!chatflowId) { return res.status(401).json({ message: "Authentication required" }) }`, meaning that if no chatflow ID is provided, the endpoint should reject the request with an authentication error.
GitHub Advisory Database
Fix: According to the source, apply sanitization to both public endpoints by calling `sanitizeFlowDataForPublicEndpoint(chatflow)` before returning the response, and ensure the sanitization function removes all `credential`, `password`, `apiKey`, and `secretKey` fields from the flowData. The source notes this sanitization function exists only in unreleased HEAD code, not in released v3.0.13.
GitHub Advisory Database
Anthropic, an AI company, faced criticism from the Trump administration over concerns about national security and refused to allow its technology to be used for domestic mass surveillance or fully autonomous weapons without human control. The company is now working to improve its relationship with the government by developing Claude Mythos Preview, a new AI model designed specifically for cybersecurity tasks.
Fix: Anthropic's mitigation strategies mentioned in the source include: (1) moving from flat-rate enterprise pricing to per-token billing so revenue reflects actual usage; (2) cutting off third-party agentic tools (like OpenClaw) that were consuming large volumes of tokens unsustainably; and (3) planning infrastructure investment carefully by accounting for a 'cone of uncertainty' (acknowledging that data centers take 1-2 years to build, so companies must estimate future demand carefully rather than over-committing to infrastructure based on inflated projections).
CNBC Technology