All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
The LifterLMS plugin for WordPress (a learning management system plugin) has a SQL injection vulnerability (a flaw where attackers can insert malicious database commands into normal queries) in versions up to 9.2.1, via the 'order' parameter. Authenticated attackers with Instructor-level access and above can exploit this to extract sensitive information from the database because the plugin does not properly sanitize user input before using it in database queries.
OpenAI has launched a new $100 Pro subscription tier to compete with Claude's pricing and target coders and enterprises. The new Pro plan sits between the existing $20 Plus and $200 Pro Max tiers, offering 5x higher usage limits than Plus and access to advanced features like Codex (a code-generation tool), deep research, and GPT-5. OpenAI's strategy mirrors Anthropic's approach of offering a mid-tier subscription designed specifically for people doing complex, high-stakes work.
A 20-year-old man was arrested after throwing a Molotov cocktail (a homemade incendiary weapon) at OpenAI CEO Sam Altman's home and then threatening arson at the company's San Francisco headquarters. No one was injured in the attack, and the suspect was taken into custody with charges pending. The incident occurred during a controversial period for OpenAI involving military partnerships and litigation.
FastGPT (a platform for building AI agents) has a broken access control vulnerability (IDOR/BOLA, a flaw where one user can access another user's data by guessing or changing IDs) that allows any authenticated team to run AI applications belonging to other teams by using a different application ID. The system checks that users are logged in but doesn't verify that the application they're trying to use actually belongs to their team, leading to unauthorized access to private AI workflows across teams.
A 20-year-old man was arrested in San Francisco after throwing a Molotov cocktail (a homemade incendiary weapon) at the home of OpenAI CEO Sam Altman, damaging a perimeter gate. The same person later appeared at OpenAI's San Francisco office and threatened to burn down the building before being arrested by police.
n8n-mcp (a tool for connecting AI systems to external services) had security problems where certain HTTP endpoints (the connection points a program offers over the internet) didn't require authentication and exposed sensitive system information. An attacker with network access could shut down active sessions and gather details to plan further attacks.
The LangSmith JavaScript SDK contains a prototype pollution vulnerability (a type of attack where an attacker modifies the base object that all JavaScript objects inherit from) in its internal lodash `set()` function. The vulnerability exists because the code only blocks the `__proto__` key but allows attackers to bypass this protection using `constructor.prototype` instead, potentially affecting all objects in a Node.js application if an attacker controls data being processed by the `createAnonymizer()` API.
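The `__proto__`-only filter described above, as an added example that is not LangSmith's or lodash's code: a lodash-style `set()` whose only guard is the `__proto__` segment, next to a hardened version that also rejects `constructor` and `prototype` and never descends into inherited properties. The `demoBypass` helper and the key name `polluted` are constructed for the demonstration.

```javascript
// Added example, not code from the LangSmith SDK or from lodash.
function splitPath(path) {
  return Array.isArray(path) ? path : String(path).split(".");
}

// Vulnerable variant: only the literal "__proto__" segment is rejected.
// Like lodash's isObject(), functions count as traversable objects, so the
// path constructor -> prototype walks from a plain object into Object and
// then into Object.prototype.
function setVulnerable(obj, path, value) {
  const keys = splitPath(path);
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    if (k === "__proto__") return obj;
    const t = typeof cur[k];
    if (cur[k] == null || (t !== "object" && t !== "function")) cur[k] = {};
    cur = cur[k];
  }
  const last = keys[keys.length - 1];
  if (last === "__proto__") return obj;
  cur[last] = value;
  return obj;
}

// Hardened variant: reject every segment that can reach a prototype, and
// only descend into the target's own plain-object properties.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);
function setSafe(obj, path, value) {
  const keys = splitPath(path);
  if (keys.some((k) => FORBIDDEN.has(k))) {
    throw new Error(`refusing to set unsafe path: ${keys.join(".")}`);
  }
  let cur = obj;
  for (let i = 0; i < keys.length - 1; i++) {
    const k = keys[i];
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || cur[k] === null || typeof cur[k] !== "object") cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Returns true if writing `path` on a fresh object leaked the constructed key
// "polluted" into an unrelated object (i.e. Object.prototype was modified).
// Always removes the key again so the demonstration leaves no trace.
function demoBypass(setFn, path) {
  try {
    setFn({}, path, true);
    return ({}).polluted === true;
  } catch (e) {
    return false; // the hardened set() throws instead of writing
  } finally {
    delete Object.prototype.polluted;
  }
}
```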
This article reports on a criminal incident, not a technical AI or cybersecurity issue. A 20-year-old was arrested for allegedly throwing a Molotov cocktail (an improvised incendiary weapon) at OpenAI CEO Sam Altman's home in San Francisco and making threats at OpenAI's office.
PraisonAI's browser bridge server (started with `praisonai browser start`) has a security flaw where it accepts WebSocket connections (a two-way communication channel between a client and server) without proper authentication checks. An attacker on the network can connect without credentials, trick the server into linking their connection to a legitimate browser extension session, and then intercept all commands and responses from that session, effectively taking control of the browser automation without permission.
A new vulnerability (CVE-2026-34040, CVSS score 8.8 on a 0-10 severity scale) allows attackers to bypass authorization plug-ins (add-on security tools that control who can run Docker commands) in Docker Engine and gain root-level access to host systems. The flaw stems from the same underlying problem discovered in 2016: oversized API request bodies (over 1MB) are silently dropped before the authorization plug-in can inspect them, so the plug-in approves a request it cannot see, which Docker then executes in full.
An Iranian content creation group called Explosive Media has produced viral AI-generated Lego videos that mock recent US military operations, including the rescue of a downed airman. The videos use AI to create animated scenes where Lego jets explode and money spills out, criticizing the cost and outcome of the military missions.
FastGPT, an AI Agent building platform, has a vulnerability in versions before 4.14.10.3 where an endpoint accepts URLs without proper authentication checks, allowing unauthenticated attackers to perform SSRF (server-side request forgery, where an attacker tricks the server into making requests to internal network resources) attacks against internal systems. The vulnerability exists because the internal IP check is disabled by default.
Rembg, a tool that removes image backgrounds, has a path traversal vulnerability (a flaw where attackers can access files outside the intended directory) in its HTTP server before version 2.0.75. An unauthenticated attacker can send a malicious request with a crafted model_path parameter to read arbitrary files from the server, potentially revealing file contents through error messages.
OpenClaw versions 2026.2.13 through 2026.3.24 have an ANSI escape sequence injection vulnerability (a bug where attackers can sneak special terminal control codes into the system) in approval prompts that allows attackers to trick the terminal display by manipulating tool metadata. This means an attacker could use malicious tool names containing these control sequences to make false information appear in approval prompts and permission logs.
U.S. government officials, including Vice President JD Vance and Treasury Secretary Scott Bessent, met with tech CEOs from companies like Anthropic, OpenAI, Google, and Microsoft to discuss the security of large language models (AI systems trained on large amounts of text data) and how to protect against cyber attacks before Anthropic released its new Mythos model. Anthropic briefed government officials on the model's capabilities, including potential offensive and defensive cybersecurity applications, and emphasized that bringing the government into the conversation early about risks and safety measures was a priority.
Fix: This vulnerability is fixed in version 4.14.10.4. Users should upgrade to FastGPT 4.14.10.4 or later.
NVD/CVE Database
Fix: Fixed in v2.47.6, where all MCP session endpoints now require Bearer authentication (a token-based security method). If you cannot upgrade immediately, you can restrict network access using firewall rules, reverse proxy IP allowlists, or a VPN to allow only trusted clients. Alternatively, use stdio mode (`MCP_MODE=stdio`) instead of HTTP mode, since stdio transport does not expose HTTP endpoints and is not affected by this vulnerability.
GitHub Advisory Database
Fix: Fixed in version 0.5.18. Users should update their `langsmith` package to 0.5.18 or later.
GitHub Advisory Database
PraisonAI Agents has a security flaw where tool approval decisions are cached by tool name only, not by the specific command arguments. Once a user approves the `execute_command` tool (a function that runs shell commands) for any command like `ls -la`, all future shell commands in that session bypass the approval prompt entirely. Combined with the fact that all environment variables (including API keys and credentials) are passed to subprocesses, an LLM agent can silently steal sensitive data without asking permission again.
Fix: Update to Docker Engine 29.3.1 or Docker Desktop 4.66.1. If immediate updates cannot be deployed, route API requests through a reverse proxy that blocks all requests over 512KB as a temporary mitigation. Additionally, administrators can search daemon logs using `journalctl -u docker | grep "Request body is larger than"` to detect potential exploitation attempts.
CSO Online
Anthropic released Claude Mythos Preview, an AI model that can automatically discover vulnerabilities (weaknesses in software) and create working exploits (code that takes advantage of those weaknesses) across operating systems and software products. The company is currently limiting access to a few dozen organizations through Project Glasswing to give defenders time to find and fix weaknesses in their own systems before attackers gain widespread access to the model.
Fix: The source mentions that Project Glasswing participants are being given early access to Mythos Preview so they can 'find weaknesses in their own systems using the model and start to grapple more broadly with how software development, update cycles, and patch adoption needs to change.' However, no specific technical mitigation, patch, update, or fix is described in the text.
Wired (Security)
Researchers used LLMs (large language models, AI systems trained on vast text data) and model checking (a technique to verify if software behaves correctly by examining all possible states) to study Android's permission system, which controls what apps can access on your phone. The study involved modeling how this system works, checking if it's secure, and finding ways to exploit it using AI techniques.
This research paper examines how visual explanation techniques can help protect federated learning (a machine learning approach where multiple computers train a model together without sharing raw data) from poisoning attacks (attempts to corrupt the training data or model). The authors propose an enhanced version of LayerCAM (a method that visualizes which parts of an input an AI focuses on), combined with autoencoders (neural networks that compress and reconstruct data), to detect and defend against such attacks.
A cyber-attack on a London pathology company in June 2024 caused widespread hospital disruptions and contributed to a patient's death, highlighting real dangers from digital attacks. The article warns that a new AI release could enable more frequent and severe cyber-attacks by giving attackers powerful hacking capabilities, potentially creating widespread chaos in critical digital systems we depend on.
Fix: Update FastGPT to version 4.14.10.3 or later, where this vulnerability is fixed.
NVD/CVE Database
Fix: This vulnerability is fixed in version 2.0.75. Users should update to rembg 2.0.75 or later.
NVD/CVE Database