All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
The LiteSpeed cPanel plugin has a symlink following vulnerability (a flaw where the software unsafely follows symbolic links, which are shortcuts to files, allowing attackers to access unintended files) that affects shared hosting servers using CloudLinux/CageFS. An attacker with FTP or web shell access (the ability to run commands on a web server) could exploit this vulnerability, and it is currently being exploited in active attacks.
Fix: Apply mitigations in accordance with vendor instructions from the LiteSpeed security update (https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/), following CISA's BOD 26-04 guidance for patching. If mitigations are unavailable, discontinue use of the product. The patching deadline is 2026-06-18.
CISA Known Exploited Vulnerabilities
OpenAI announced a new Partner Network program to help organizations adopt AI by connecting them with consulting and technology partners who can identify use cases, integrate AI into existing systems, and manage organizational change. The program invests $150 million to support partners across systems integration, consulting, and technology, with plans to train 300,000 certified consultants by the end of 2026, recognizing that enterprise AI success depends on strategy and implementation support, not just model capabilities.
Meta spent $14.3 billion to hire Alexandr Wang and his team to build proprietary AI models, resulting in the Muse Spark model released in April 2024, a shift away from Meta's previous open-source approach. However, Meta still struggles to compete with OpenAI and Google, and faces challenges convincing developers and investors that it can monetize AI products beyond its core advertising business, which currently accounts for 98% of revenue. The company's earlier open-source Llama models failed to attract developers, damaging its reputation in the AI community.
A user prompted Google's Gemini AI to build a functional app in a single request, and the AI generated working code in a preview window. However, Gemini encountered a bug (a race condition, which is when the order of operations in code causes unexpected behavior) and reported a broken channel, though it provided a button to fix the issue, which succeeded after 233 seconds.
Despite excitement about generative AI transforming filmmaking, current AI video models can only produce short clips with inconsistent visuals, and several major Hollywood-AI partnerships have ended, suggesting studios cannot yet depend on this technology for professional entertainment products.
Anthropic took its latest AI models, Fable 5 and Mythos 5, offline after receiving a directive from the U.S. government to comply with new export controls (restrictions on who can access advanced technology) that prevent foreign nationals from using them. The company disagreed with how the government handled the order, saying it lacked transparency and technical justification, and expressed hope to restore access soon.
Anthropic disabled access to its Fable 5 and Mythos 5 AI models after receiving a U.S. government order citing national security concerns and export control restrictions, preventing foreign nationals from using them whether inside or outside the United States. The company immediately suspended the models for all customers to ensure compliance, though other Anthropic models remain available. Anthropic stated the government did not provide specific details about the security concern and said the action did not follow transparent or fair procedures.
OpenAI released a new model called GPT-Realtime-2 for their WebRTC API (a protocol for real-time audio communication in web browsers), which offers improved reasoning capabilities with knowledge through September 2024. A developer updated their audio conversation tool to support this new model and added the ability to paste document context, allowing users to have voice conversations in their browser about custom information.
ApostropheCMS versions up to 3.6.0 contain a command injection vulnerability (CWE-78, a weakness where user input is directly used in system commands without cleaning) in the @apostrophecms/cli package's apos create command. An attacker can input malicious commands through the password prompt that will execute on the host system because the input is not properly sanitized (cleaned of dangerous characters) before being used in a shell command.
According to a report, the White House may have restricted exports of Anthropic's Mythos AI model because it feared a group linked to China had accessed it, which would pose serious national security risks. One concern is that the Chinese government could use distillation (training a simpler AI on a more advanced one to copy its behavior) to reverse engineer the model.
This article examines how ransomware (malicious software that locks files and demands payment to unlock them) defense strategies need to change as generative AI (AI systems that create new content like text or code) becomes more common. The piece suggests that traditional security approaches may be less effective in an environment where AI is widely used.
This academic survey paper reviews methods for testing how well neural networks (AI systems trained to recognize patterns in data) perform when faced with unexpected or manipulated images. The paper examines various approaches researchers use to assess whether image recognition systems remain accurate and reliable under challenging conditions.
Amazon's security research found that Anthropic's Fable 5 AI model could be manipulated through prompt injection (tricking an AI by hiding instructions in its input) to reveal information usable for cyberattacks. After Amazon CEO Andy Jassy shared these findings with the White House, Anthropic restricted access to Fable 5 and Mythos 5 to prevent foreign nationals from using the models.
Amazon CEO Andy Jassy reportedly told U.S. government officials that researchers discovered security vulnerabilities in Anthropic's Claude models that could be exploited for cyberattacks, leading the government to ban exports of two models (Fable 5 and Mythos 5). Anthropic subsequently cut off worldwide access to these models, though the company stated that the concerning capabilities were already available in other public models.
The U.S. government ordered Anthropic to block access to two AI models called Fable 5 and Mythos 5 due to unspecified national security concerns, and the company complied by cutting off access for all users worldwide, including its own employees. Anthropic stated that the government did not provide detailed information about the security threat and only mentioned potential jailbreak (tricks to make the AI ignore its safety instructions) vulnerabilities verbally, which the company claims were minor.
Anthropic will disable its most advanced AI models (Fable 5 and Mythos 5) for all users after the US government ordered the company to stop letting foreign nationals access them, citing national security concerns. The US government believes the safeguards protecting these models can be bypassed and the models could be used to identify software vulnerabilities, though Anthropic was not given specific details about the security concern.
The US government issued an export control directive requiring Anthropic to block access to its two most advanced AI models, Fable 5 and Mythos 5, for all foreign nationals worldwide, citing national security concerns. Anthropic complied by suspending these models for all users globally, though the company disputes the government's reasoning, which appears related to a reported jailbreak (a method to bypass the model's safety restrictions) that Anthropic says it reviewed and found to be minor and not unique to their system.
Fix: Anthropic states in its developer notice that 'new sessions would fall back to a user's default model or Opus 4.8, existing Fable 5 sessions would end with an error, and Platform requests to Fable 5 would also fail' and told integrators to 'migrate to other models.' The company also says it is 'working to restore access' to these models and promised 'more details within 24 hours,' though no specific technical fix or timeline for restoration is provided in the source text.
BleepingComputer
The U.S. government ordered Anthropic to suspend access to its advanced AI models Claude Fable 5 and Mythos 5 for all foreign nationals due to national security concerns, citing a discovered method of jailbreaking these models (bypassing or tricking the AI's safety rules). Anthropic disputed the order, arguing that the vulnerabilities identified are minor and already known, that its safety systems are robust, and that perfect jailbreak resistance is impossible for any AI company.
OpenAI says it will work constructively with state attorneys general who are investigating the company over concerns about advertising, data handling, and potential harms to minors and seniors. The investigation comes amid multiple lawsuits against OpenAI, including cases where families allege ChatGPT (a conversational AI chatbot) was misused to cause harm, and as the company prepares for a public stock offering.
Fix: OpenAI stated that 'Today's ChatGPT includes a more protective experience for minors and people experiencing difficult situations, with safeguards that direct them to real-world resources and trusted human contacts.' No specific version numbers or technical implementation details are provided in the source.
CNBC Technology
Researchers discovered that they can figure out what actions industrial robots are performing just by analyzing encrypted network traffic (data traveling across networks in scrambled form) without being able to read the actual messages. The study shows both practical attacks that successfully identified robot movements and theoretical limits on how much information can be extracted from this type of traffic. This reveals a security gap where encryption alone may not fully protect sensitive robot operations from being monitored.