All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
AgenticMail, a tool that allows AI agents to access email and phone services, has a security flaw in versions before 0.9.27 where the /mcp endpoint (a communication interface) accepts requests without requiring authentication (verification of identity) when started in HTTP mode. This means a remote attacker could connect to the service and use its tools directly to access real email addresses and phone numbers.
Fix: This issue has been patched in version 0.9.27.
NVD/CVE Database
This item describes TYPO3 HTML Sanitizer (a tool that removes potentially dangerous code from HTML), which has a Cross-site Scripting vulnerability (XSS, where attackers inject malicious scripts into web pages). The content provided explains the framework for measuring vulnerability severity through metrics like attack vector, complexity, and impact, but does not describe the actual vulnerability details or its fix.
Parse Server, an open source backend framework that runs on Node.js, has a vulnerability where attackers can send specially crafted HTTP requests that cause the server to spend seconds or minutes processing a single request before checking user permissions or rate limits. An attacker only needs to know the application's public ID and can overload the server by sending a few concurrent requests or one large request, making it slow or unresponsive for legitimate users.
Google is suing a Chinese cybercrime network called Outsider that uses Gemini (Google's AI agent) to create phishing pages and send smishing attacks (fraudulent text messages impersonating trusted brands to steal personal and financial information). The network sells access to its phishing-as-a-service (PhaaS, a software tool that makes it easy for criminals to launch phishing campaigns) for as little as $88 per week, and has victimized over 100,000 people with millions in losses.
Budibase's VectorDB configuration endpoint accepts a host parameter with no validation, allowing any authenticated builder-level user to make the server connect to internal IP addresses or cloud metadata endpoints (like AWS's 169.254.169.254). This is an SSRF vulnerability (server-side request forgery, where a server is tricked into making requests to unintended destinations), enabling attackers to scan internal networks, discover running services, and potentially steal cloud credentials.
ChromaDB Rust (version 1.0.0 and later) has a security flaw where authorization validation (checking whether a user has permission to access data) is missing, allowing any logged-in user to read, write, update, or delete data from any tenant's collection (a storage area for data), even if they shouldn't have access to it. This is rated as HIGH severity with a CVSS score (a 0-10 rating of how severe a vulnerability is) of 8.8.
ChromaDB (a Python database project) versions 0.4.17 and later have a code injection vulnerability (CVE-2026-45833) that allows an authenticated attacker (someone with valid login credentials) to run arbitrary code (malicious programs) on the server by sending a malicious model repository when a specific setting is enabled. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 9.4, meaning it is critical.
CVE-2026-45832 is a vulnerability in ChromaDB's Python project where V1 collection-level endpoints (API access points for managing data collections) pass None (empty/null values) for the tenant and database parameters to the authorization layer, allowing attackers with login credentials to bypass authorization controls (security checks that verify what users are allowed to do) by using these older endpoints. The vulnerability has a CVSS score (0-10 severity rating) of 8.8, indicating it is high-severity.
ChromaDB Python versions 0.5.0 and later contain a vulnerability in the SimpleRBACAuthorizationProvider (a tool that checks user permissions) where it verifies that a user has permission to do something but fails to check which tenant, database, or collection that permission applies to. This allows users to perform actions across different tenants (separate customer environments) that they shouldn't be able to access.
ChromaDB (a Python tool for managing data collections) version 0.4.17 and later has a security flaw where authorization validation (checking if a user should be allowed to access something) is missing. This allows any user who is already logged in to read, write, change, or delete data in any tenant's collection (a shared workspace), even if they shouldn't have access to it. The severity is rated as HIGH with a CVSS score of 8.8 (a 0-10 scale measuring how serious a vulnerability is).
LangGraph's MongoDBSaver had a NoSQL injection vulnerability (a type of attack where special database commands are sneaked into queries) that allowed attackers to read checkpoint data (saved conversation states) from other users or tenants by injecting MongoDB operators like $gt into identifier fields. This happened because the code didn't enforce that these fields must be strings before using them in database queries.
Anthropic released Fable 5, which is an upgraded version of their earlier Mythos Preview model designed to be safer for general use. The update improves upon the previous version while maintaining focus on security and responsible deployment.
Bernie Sanders proposed creating a US sovereign wealth fund by taking 50% stock in major AI companies like OpenAI and Anthropic, arguing this would give the government democratic control over AI development and distribute AI wealth to the public. The authors agree these are important goals but argue that public ownership of AI companies would actually incentivize the government to prioritize corporate profits over public interest, using the Norwegian sovereign wealth fund's experience with oil companies as an example of how government ownership fails to steer corporations toward responsible policies.
Mistral, a European AI startup, is expanding beyond building AI models to developing data centers and exploring custom chip design to control more of its technology stack (the complete set of software and hardware components needed to run AI systems). CEO Arthur Mensch discussed how agentic AI (AI systems that can handle complex tasks independently, like advanced digital assistants) will require businesses to redesign their processes and decide where humans should remain involved in decision-making.
Apache CXF's JwsJsonContainerRequestFilter has a vulnerability that allows attackers to bypass signature verification and process unauthenticated metadata (like Content-Type headers or HTTP headers). This means an application might trust metadata that wasn't actually verified by a digital signature, potentially allowing attackers to manipulate how the application processes data.
Fix: Update Parse Server to version 8.6.77 or 9.9.1-alpha.1 or later, as this issue has been patched in these versions.
NVD/CVE Database
Fix: Google is filing a lawsuit to dismantle the network's infrastructure and partnering with AT&T, T-Mobile, and Verizon to block phishing messages from reaching customers.
The Hacker News
Shadow AI (AI tools used by employees without IT approval or visibility) is becoming a major security risk because employees adopt AI faster than security teams can track, often on devices that traditional security tools can't monitor. Most organizations cannot see how many AI tools are in use, where they're being used, or what data is being shared with them, creating a dangerous gap between employee activity and security oversight.
Fix: Upgrade to @langchain/langgraph-checkpoint-mongodb@1.3.1 or later. Version 1.3.1 adds runtime validation for configurable checkpoint identifiers and rejects invalid values before they reach MongoDB query paths. The patch also includes regression tests covering object and operator payloads. As additional protection, validate identifier fields at API boundaries and avoid passing raw client objects into graph config.
GitHub Advisory Database
This paper presents a new cryptographic method called certificateless lattice-based matchmaking encryption (CLLME) designed to secure data sharing on cloud platforms while meeting regulations like GDPR. CLLME provides post-quantum security (protection against future quantum computers), allows both senders and receivers to control who can access data, and includes a filtering mechanism to avoid decrypting irrelevant encrypted files. The researchers proved the method is mathematically secure and showed it works efficiently in real-world scenarios.
Anthropic released Claude Fable 5, a powerful AI model with built-in safeguards that automatically degrade its capabilities in high-risk areas like cybersecurity and biology to prevent misuse. Industry experts warn that the same AI capabilities making the model better at defensive tasks like code analysis also make it better at finding and exploiting vulnerabilities, creating a significant risk of AI-orchestrated hyperattacks (coordinated attacks that chain reconnaissance, discovery, exploitation, and lateral movement faster than human defenders can respond).
This research paper describes methods for making neural networks (AI models that learn patterns from data) more private by using fully homomorphic encryption (a type of encryption that lets computers perform calculations on encrypted data without decrypting it first). The work focuses on optimizing how these privacy-protecting neural networks search through and train on data while keeping information secure.
This research paper proposes a new cryptographic method for securing communication in IoT (Internet of Things) devices that is lightweight and preserves privacy. The scheme uses certificateless signcryption (a technique that combines digital signatures for authentication with encryption for confidentiality, without requiring traditional certificates) and designated-verifier privacy (meaning only a chosen recipient can verify that a message is authentic), designed to work efficiently on resource-constrained IoT devices.
Fix: Users are advised to upgrade to Apache CXF version 4.2.2 or 4.1.7, both of which fix this issue.
NVD/CVE Database