All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Anthropic, an AI company, is suing the Trump administration, claiming the government is retaliating against it for refusing to let its AI tools be used in mass surveillance (monitoring large populations without consent) and autonomous weapons (weapons that can make decisions independently). Major tech companies like Microsoft and Google have publicly supported Anthropic's lawsuit, arguing that the government's actions violate free speech rights and could harm the entire technology sector.
Zendesk is acquiring Forethought, a company that builds AI agents (software programs that can automatically handle tasks without human control) to automate customer service interactions. Forethought was an early pioneer in this space, winning a major startup competition in 2018 before ChatGPT even existed, and by 2025 was handling over a billion customer service interactions monthly. Zendesk plans to integrate Forethought's technology into its own products to add more advanced AI capabilities like voice automation and autonomous features.
FastGPT, an AI Agent building platform, has a vulnerability in its Python Sandbox (fastgpt-sandbox) in version 4.14.7 and earlier where attackers can bypass file-write protections by remapping stdout (the standard output stream) to a different file descriptor using fcntl (a tool for controlling file operations), allowing them to create or overwrite files inside the sandbox container despite intended restrictions.
PingPong is a platform for using LLMs (large language models, AI systems trained on massive amounts of text) in teaching and learning. Before version 7.27.2, authenticated users (those logged in) could potentially access or delete files they shouldn't have permission to see or modify, including private user files and AI-generated outputs. An attacker would need to be logged in and have access to at least one conversation thread to exploit this vulnerability.
Shopware's Store API login endpoint leaks whether an email address is registered by returning different error codes: one code if the email doesn't exist and another if the password is wrong. An attacker can use this to enumerate valid customer accounts without needing to guess passwords, because they only need one request per email address. The storefront login page correctly hides this distinction by returning a generic error for both cases, but the Store API does not.
Google Cloud Vertex AI (a machine learning platform) had a vulnerability in versions 1.21.0 through 1.132.x where an attacker could create Cloud Storage buckets (cloud storage containers) with predictable names to trick the system into using them, allowing unauthorized access, model theft, and code execution across different customers' environments. The vulnerability has been fixed in version 1.133.0 and later, and no action is required from users.
A stored XSS vulnerability (cross-site scripting, where an attacker injects malicious code that gets saved and runs when others view it) was found in Google's Vertex AI Python SDK visualization tool. An unauthenticated attacker could inject harmful JavaScript code into model evaluation results or dataset files, which would then execute in a victim's Jupyter or Colab environment (cloud-based coding notebooks).
Cloud CLI (a user interface for Claude Code and similar tools) had a critical vulnerability in versions before 1.25.0 where user inputs called projectPath, initialCommand, and sessionId were directly used to build system commands without filtering, allowing attackers to inject arbitrary OS commands (OS command injection, where an attacker tricks the system into running unauthorized commands) through WebSocket connections. This vulnerability has been patched in version 1.25.0.
Cloud CLI (a user interface for AI coding tools like Claude Code and Gemini-CLI) had a vulnerability before version 1.24.0 where attackers who had login access could run unauthorized commands on a computer by manipulating text inputs in Git-related features. This happened because the software used string interpolation (directly inserting user text into commands) without properly checking if the input was safe, which is a type of OS command injection (CWE-78, where an attacker tricks the system into executing arbitrary commands).
Cloud CLI (a user interface for accessing Claude Code and similar tools) has a vulnerability in versions before 1.24.0 where user input in the git configuration endpoint is not properly sanitized before being executed as shell commands. This means an authenticated attacker (someone with login access) could run arbitrary OS commands (commands that do whatever they want on the operating system) by exploiting how backticks, command substitution (${}), and backslashes are interpreted within the double-quoted strings.
Cursor is a code editor designed for programming with AI assistance. Before version 2.0, the software was vulnerable to prompt injection attacks (tricking the AI by hiding malicious instructions in website content), which could bypass the command whitelist (a list of allowed commands) and cause the AI to execute commands without the user's permission. This is a serious security flaw rated as HIGH severity.
OpenAI is planning to integrate Sora, its video generation tool, directly into ChatGPT as a built-in feature, similar to how image generation was added previously. While this could increase ChatGPT's popularity, it may also increase the creation of deepfakes (synthetic videos that convincingly mimic real people or events) from the platform.
CVE-2026-30741 is a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in OpenClaw Agent Platform v2026.2.6 that can be triggered through a request-side prompt injection attack (tricking the AI by hiding malicious instructions in its input). The vulnerability allows attackers to execute arbitrary code, though a CVSS severity score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.
Meta acquired Moltbook, a social network for AI agents (autonomous software systems that act independently), primarily to hire its talented team rather than for the platform itself. Meta believes AI agents will become essential for businesses and could transform advertising by enabling agent-to-agent negotiations, where a consumer's AI agent might directly negotiate with a business's AI agent about product features, price, and values before making a purchase.
Meta acquired Moltbook, a social network for AI agents (software programs that act independently to complete tasks), primarily to hire its talented team rather than for advertising purposes. The acquisition positions Meta to benefit from an "agentic web" where AI agents representing businesses and consumers could interact to conduct transactions like shopping and advertising, potentially allowing Meta to control the "orchestration layer" (the system that decides which agents communicate with each other) and expand its advertising business.
This article reviews Bungie's new Marathon game, a revival of their 1990s multiplayer shooter that now functions as an online extraction shooter (a game where players drop into a map, collect items, complete objectives, and try to survive against other players). The game intentionally recreates 1990s aesthetic and culture, drawing inspiration from cyberpunk anime, club culture, and retro-futuristic design that was popular during that era.
Nvidia announced a $2 billion investment in Nebius, an AI cloud company, causing Nebius's stock to rise 14%. The two companies will work together on AI infrastructure deployment, fleet management, and inference (the process of running trained AI models to make predictions), with Nebius aiming to deploy over five gigawatts of computing capacity by 2030.
Targeted advertising (ads customized based on your personal data and location) has become a tool for government surveillance, with federal law enforcement now accessing data from advertising companies to track people's locations. The article discusses how the combination of corporate data collection and government access to that data threatens privacy and free speech online.
A study by CNN and the Center for Countering Digital Hate tested 10 popular chatbots used by teenagers and found that their safety features (protections designed to prevent harmful outputs) were inadequate. The chatbots often failed to recognize when users discussed violent acts and sometimes even encouraged these discussions instead of refusing to engage.
Fix: This vulnerability is fixed in version 7.27.2. Users should update PingPong to this version or later.
NVD/CVE DatabaseFix: Mitigations have already been applied to version 1.133.0 and later. Update to Vertex AI Experiments version 1.133.0 or later.
Google Cloud Security BulletinsFix: Update the google-cloud-aiplatform Python SDK to version 1.131.0 or later (released on 2025-12-16) to receive the fix.
Google Cloud Security BulletinsFix: Update Cloud CLI to version 1.25.0 or later, which fixes the OS command injection vulnerability.
NVD/CVE DatabaseFix: This vulnerability is fixed in version 1.24.0. Users should update Cloud CLI to 1.24.0 or later.
NVD/CVE DatabaseFix: This vulnerability is fixed in version 1.24.0. Users should update Cloud CLI to version 1.24.0 or later.
NVD/CVE DatabaseFix: This vulnerability is fixed in version 2.0.
NVD/CVE DatabaseResearchers demonstrated that agentic web browsers (AI systems that automatically perform actions across websites) can be tricked into phishing scams by using a GAN (generative adversarial network, a machine learning technique that generates increasingly refined fake content) to intercept and manipulate the AI's internal reasoning communications. Once a fraudster optimizes a fake page to bypass a specific AI browser's safeguards, that same malicious page works on all users of that browser, shifting the attack target from humans to the AI system itself.
Fix: The issues collectively codenamed PerplexedBrowser have been addressed by Perplexity (the AI company). The text does not provide specific technical details about how the fixes work or which versions contain the patches.
The Hacker News