All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Public opinion on AI is declining in the United States, with 57% of voters believing AI's risks outweigh its benefits, creating challenges for companies like OpenAI and Anthropic as they prepare to go public. Tech companies are investing heavily in data centers (the large computing facilities that power AI systems) to build more powerful AI models, but these projects face growing opposition due to energy concerns, with $156 billion in data center projects blocked or delayed in 2025 and Maine passing the first state-wide data center ban. This negative sentiment and regulatory pushback could impact the valuations and public offerings of major AI companies.
A critical vulnerability in Nginx UI (CVE-2026-33032) exposes an unprotected endpoint that allows attackers to invoke privileged actions without logging in, enabling complete takeover of the web server by modifying configuration files. The flaw is being actively exploited in the wild, with over 2,600 publicly exposed instances at risk. Nginx UI is a popular web-based management interface for the Nginx web server, used by many organizations to control their servers.
A critical vulnerability in nginx UI, a dashboard tool for managing nginx web servers, allows attackers to bypass security by accessing an unprotected endpoint called /mcp_message. This endpoint was added to support MCP (Model Context Protocol, a system that lets web servers communicate with AI models), but it lacks authentication, letting anyone on the network inject malicious configurations and completely take over the server.
Google is releasing a new Gemini app for Mac that lets you quickly access the AI assistant using a keyboard shortcut (Option + Space) to open a floating chat window without leaving your current app. The app can read information from your screen to help answer questions, but requires you to grant permission to access your system's information first.
Anthropic experienced a brief outage on Wednesday affecting its Claude chatbot, API (application programming interface, the connection between software services), and Claude Code assistant, with elevated error rates beginning around 10:53 a.m. ET. By 1:50 p.m. ET, all systems were restored and operational, with login success rates stabilizing by 12:30 p.m. ET.
Starbucks has launched a beta app within ChatGPT (an AI chatbot) that helps customers discover new drinks by describing how they feel rather than browsing a menu. Customers can customize orders and select a location within ChatGPT, but must complete their purchase through the Starbucks app or website to maintain engagement with the company's loyalty program. This move is part of Starbucks' broader strategy to attract customers back to its cafes and appeal to younger consumers who prefer unique beverages.
Google released Gemini 3.1 Flash TTS, a new text-to-speech model that generates audio from text using prompts sent through the standard Gemini API. Unlike typical AI models, this one accepts detailed creative instructions (called prompts) to control how the audio sounds, including vocal style, pace, accent, and emotional tone, allowing users to create speech with specific characteristics like a particular regional accent or energetic delivery.
This item is a brief announcement about Gemini 3.1 Flash TTS (a text-to-speech feature for Google's Gemini AI model) posted on April 15, 2026. The content provided is primarily metadata and sponsorship information rather than substantive technical details about the feature or any security issue.
CVE-2026-5387 is a critical vulnerability that allows unauthenticated attackers to bypass access controls and perform actions normally restricted to administrator roles (Simulator Instructor or Simulator Developer), potentially leading to privilege escalation (unauthorized elevation of access level) and unauthorized changes to simulation parameters, training configuration, and training records. The vulnerability has a CVSS score (0-10 severity rating) of 9.3, classified as critical. The flaw stems from missing authorization checks in the affected software.
LangChain-ChatChat version 0.3.1 has a remote code execution vulnerability (RCE, where an attacker can run commands on a system they don't own) in how it handles MCP STDIO servers (a communication protocol for server connections). An attacker can access the exposed management interface, set up a malicious MCP server with commands of their choice, and then trigger those commands to run when the service processes agent requests.
Windsurf version 1.9544.26 has a prompt injection vulnerability (a technique where attackers hide malicious instructions in input to trick an AI system) that allows remote attackers to execute arbitrary commands on a victim's computer. When Windsurf processes attacker-controlled HTML content, it can be tricked into automatically registering a malicious MCP STDIO server (a communication interface for running code), giving attackers the ability to run commands without the user's knowledge.
Google has released Gemini 3.1 Flash TTS, a new text-to-speech model (software that converts written text into spoken audio) that produces more natural-sounding speech with better control over how the AI speaks. Developers can now use audio tags (special commands embedded in text) to adjust vocal style, pace, and delivery across over 70 languages, and all generated audio is watermarked with SynthID (a hidden marker that identifies AI-generated content) to help prevent misinformation.
A writer notices that ChatGPT and other AI systems are producing content using the rhetorical pattern "it's not X, it's Y" so frequently that this phrasing has become ubiquitous online, appearing in social media posts, fitness classes, and TV shows. The author compares this experience to obsessively noticing a specific detail until it dominates their perception, making the repetitive AI-influenced writing style impossible to ignore.
Capsule Security, an Israeli startup, has raised $7 million in funding to develop technology that secures AI agents (AI systems designed to perform tasks independently) by continuously monitoring their behavior at runtime (while the AI is actually running) to prevent unsafe or harmful actions.
Researchers have identified a flaw in Anthropic's Model Context Protocol (MCP, a system that allows AI models to interact with external tools and data) that permits unsanitized commands (user input that hasn't been cleaned or verified) to run without warning, potentially giving attackers complete control over systems using this AI technology. This vulnerability could be exploited across many widely-used AI environments as part of a supply chain attack (where attackers compromise a tool or service used by many organizations to gain access to their systems).
Adobe is launching a Firefly AI Assistant that lets creators edit their work by describing changes in plain language rather than manually using specific tools in Creative Cloud (Adobe's suite of creative software). Adobe says this conversational AI approach represents a major shift in how creative work is done by making editing easier and more accessible to people without advanced skills.
OpenAI has withdrawn from a deal to rent computing capacity directly from a Norwegian data center facility called Stargate Norway, with Microsoft taking over the capacity instead. OpenAI will now rent that computing power from Microsoft, which the company says makes more financial sense since it already has a $250 billion contract with Microsoft's cloud service Azure (a cloud computing platform). This pullback is part of OpenAI's broader shift to manage spending expectations as it prepares for a potential public stock offering.
Security researchers discovered prompt injection vulnerabilities (attacks where malicious instructions are hidden in user input to trick an AI into executing them) in Microsoft Copilot Studio and Salesforce Agentforce that allow attackers to steal sensitive data like customer names, addresses, and phone numbers. Both vulnerabilities exploit the fact that these AI agents cannot distinguish between trusted system instructions and untrusted user input, allowing attackers to override the agent's original purpose and exfiltrate data to external servers.
Salesforce and Microsoft recently fixed two prompt injection vulnerabilities (security flaws where attackers hide malicious instructions in text inputs to trick AI systems) in their AI agent products, Agentforce and Copilot. These flaws could have allowed external attackers to access and steal sensitive data from users.
Fix: Nginx UI released a fix in version 2.3.4 on March 15. The latest secure version is 2.3.6, released the week after the source was published. System administrators are advised to apply these security updates as soon as possible.
BleepingComputer
Fix: Update to version 2.3.4, released March 15. For systems that cannot patch immediately, disable MCP or restrict access by using IP whitelisting to allow only trusted hosts, and review access logs for suspicious configuration changes.
CSO Online
Fix: Microsoft patched CVE-2026-21520 following disclosure, with the mitigation carried out internally and no further action required from users. The source notes that both vulnerabilities highlight a baseline need for treating all external inputs as untrusted and enforcing input validation, least-privilege access (giving systems only the minimum permissions they need), and strict controls on actions like outbound email, though no specific patch details are provided for the Salesforce vulnerability.
CSO Online
Frontier AI models (cutting-edge artificial intelligence systems) are becoming better at finding vulnerabilities (weaknesses in code that attackers can exploit), which creates both opportunity and risk. While AI can help organizations identify and fix these weaknesses, attackers can now use AI to discover and exploit vulnerabilities faster and cheaper than before, putting pressure on organizations to patch systems quickly. The recommended defense is for organizations to follow established best practices from the National Cyber Security Centre, including reducing unnecessary exposure to attack, applying security updates rapidly, and monitoring for malicious activity.
Fix: Organizations should follow established good practices set out by the National Cyber Security Centre, which include: reducing unnecessary exposure to attack, applying security updates rapidly, and monitoring for and quickly responding to malicious activity detected. Additionally, organizations should pursue government-backed certifications such as Cyber Essentials, and access guidance and tools available on the NCSC website.
UK NCSC