All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
OpenClaw versions 2026.4.1 and earlier have a vulnerability where QQ Bot structured payloads (specially formatted data sent through the bot) could read any file on the host computer by escaping the intended file directory boundaries. An attacker could craft a malicious payload to steal sensitive files that the OpenClaw process has access to.
Fix: Update OpenClaw to version 2026.4.2 or later. The fix restricts QQ Bot structured payload local paths (commit 2c45b06afdd6f7c621038b5419d8e661cff34a7f).
Source: GitHub Advisory Database
Hackers are actively exploiting CVE-2025-59528, a critical vulnerability in Flowise (an open-source platform for building AI agents and custom LLM applications) that allows arbitrary JavaScript code injection without validation through the CustomMCP node. The flaw was publicly disclosed in September, affects thousands of exposed instances online, and enables attackers to execute commands and access files on vulnerable systems.
CVE-2026-35487 is a path traversal vulnerability (a flaw that lets attackers read files outside the intended directory) in text-generation-webui, an open-source tool for running large language models through a web interface. Before version 4.3, attackers could exploit the load_prompt() function without logging in to read any .txt file on the server and see its contents in the API response.
text-generation-webui, an open-source web interface for running Large Language Models, has a vulnerability in versions before 4.3 where the superbooga and superboogav2 RAG extensions (tools that fetch external documents to help answer questions) accept user-provided URLs without checking them for safety. This allows attackers to access cloud metadata endpoints (services that store sensitive credentials in cloud environments) and steal IAM credentials (identity and access management tokens that control what users can do). The vulnerability is fixed in version 4.3.
OpenIdentityPlatform OpenAM 16.0.5 has a critical vulnerability that allows unauthenticated attackers to run arbitrary commands on the server through unsafe deserialization (the process of converting stored data back into objects) of the `jato.clientSession` parameter. Although a previous fix blocked this attack on a similar parameter called `jato.pageSession`, the `jato.clientSession` parameter was overlooked and remains unprotected, enabling attackers to exploit it through password reset pages and similar endpoints.
text-generation-webui, an open-source web interface for running Large Language Models, has a path traversal vulnerability (a security flaw where an attacker can access files outside the intended directory) in versions before 4.3. An unauthenticated attacker can exploit this by sending specially crafted requests through the API to read any file on the server, because Gradio (the framework it uses) does not validate user input on the server side.
CVE-2026-35484 is a path traversal vulnerability (a bug where an attacker can access files outside the intended folder) in text-generation-webui, an open-source tool for running large language models through a web interface. Before version 4.3, attackers could read any .yaml file (a configuration file format) on the server without needing to log in, potentially exposing sensitive data like passwords and API keys in the response.
CVE-2026-35483 is a path traversal vulnerability (a flaw that lets attackers read files outside intended directories) in text-generation-webui, an open-source tool for running large language models. Versions before 4.3 allow unauthenticated attackers to read files with extensions like .jinja, .jinja2, .yaml, or .yml from anywhere on the server.
CVE-2026-30079 is a vulnerability in OpenAirInterface V2.2.0 AMF (access and mobility management function, which handles device registration in mobile networks) where out-of-sequence messages (messages arriving in the wrong order) cause incorrect state transitions during user equipment registration. An attacker can send a SecurityModeComplete message before the proper initial registration is complete, causing the system to accept and register a device without performing proper authentication checks.
At RSAC 2026, cybersecurity leaders discussed how AI should be used in security work, including debates about agentic applications (AI systems that can act independently to solve problems) and whether human involvement can realistically keep up as AI scales up. The discussions highlighted the tension between automating security tasks with AI and maintaining human oversight in important decisions.
AI agents (autonomous systems that learn and adapt to execute workflows without constant human direction) work best when organizations redesign their processes around them rather than adding them to existing systems. Companies need to shift to an 'agent-first' model where AI agents handle routine operations while humans set goals and handle exceptions, requiring machine-readable process definitions and structured data flows to succeed.
This paper presents XFaceMark, a method that uses YOLO (an object detection system that identifies items in images) and random MRFO (a nature-inspired optimization algorithm) to add watermarks to deepfakes (AI-generated fake videos or images) in a way that can be explained and understood. The approach aims to make deepfakes traceable while allowing researchers to understand how the watermarking process works.
This academic paper discusses extending SBOMs (software bill of materials, which are detailed lists of all components and dependencies in software) to create AIBOMs that can describe agentic AI systems (AI systems that can take independent actions and make decisions). The paper proposes schema extensions, methods for coordinating multiple AI agents, and ways to evaluate whether AI systems produce consistent and reproducible results.
Anthropic released a preview of Mythos, a powerful new AI model, as part of Project Glasswing, a cybersecurity initiative involving over 40 partner organizations like Amazon, Microsoft, and Apple. The model, which was not specifically trained for cybersecurity but has strong coding and reasoning abilities, has reportedly identified thousands of zero-day vulnerabilities (security flaws unknown to the public and software vendors) in software systems during initial testing. The preview is limited to partner organizations for defensive security work and will not be made generally available to the public.
Anthropic is launching a new AI model called Claude Mythos Preview as part of Project Glasswing, a cybersecurity partnership with major tech companies like Nvidia, Google, and Microsoft. The model is designed to help large organizations and governments automatically detect vulnerabilities (security weaknesses) in their systems with minimal human involvement. Anthropic is limiting access to launch partners only and not releasing it publicly due to security concerns.
AI is making software creation faster and easier, leading to a future where temporary applications (instant software) might be created and deleted on demand, but this also means AI tools are getting better at both finding and exploiting vulnerabilities (weaknesses in code that attackers can use). While defenders can use the same AI capabilities to patch vulnerabilities and fix security problems, today's AI-generated software tends to contain many security flaws because AI doesn't yet write secure code well.
Fix: Upgrade to Flowise version 3.1.1 or at least version 3.0.6 as soon as possible. Additionally, consider removing Flowise instances from the public internet if external access is not required.
Source: BleepingComputer
Nation-states are using AI agents (autonomous AI systems that can perform tasks without human intervention) to launch cyberattacks at speeds that traditional security responses cannot match. The article argues that cybersecurity defenses cannot rely on small, gradual improvements but must instead undergo fundamental architectural changes to address this new threat level.
Trent AI, a new startup, has secured $13 million in funding to develop a layered security solution (a multi-level protective system) designed to protect AI agents (software programs that act autonomously to complete tasks) throughout their entire lifecycle, from creation to deployment.
Many enterprises have applications disconnected from centralized identity systems (systems that control who can access what), creating blind spots that AI agents and attackers are actively exploiting. While organizations have invested in IAM (identity and access management, the practice of controlling user access) and Zero Trust security, legacy apps and siloed systems remain outside of centralized control, allowing AI agents to amplify credential risks and bypass security oversight.
Fix: Update text-generation-webui to version 4.3 or later, where this vulnerability is fixed.
Source: NVD/CVE Database
Fix: Update text-generation-webui to version 4.3 or later.
Source: NVD/CVE Database
Fix: Update text-generation-webui to version 4.3 or later, where this vulnerability is fixed.
Source: NVD/CVE Database
Fix: This vulnerability is fixed in version 4.3. Users should update text-generation-webui to version 4.3 or later.
Source: NVD/CVE Database
Fix: Update to version 4.3 or later. The vulnerability is fixed in 4.3.
Source: NVD/CVE Database
This article argues that there are fundamental mathematical limits to how secure and well-aligned (following intended behavior) AI systems can be, and that understanding these limits is important before deploying AI widely. The research also shows that AI systems have basic reasoning limitations that stem from these same information-theoretic constraints.