All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Lodash versions 4.17.23 and earlier have a vulnerability in the `_.unset` and `_.omit` functions that allows prototype pollution (modifying built-in object templates like Object.prototype that affect all objects). An attacker can bypass the previous security fix by using array-wrapped path segments to delete properties from these core prototypes, though they cannot change how those prototypes work.
Fix: Upgrade to Lodash version 4.18.0 or later. The source states: 'This issue is patched in 4.18.0.'
GitHub Advisory Database
ONNX's `save_external_data` method contains a TOCTOU vulnerability (time-of-check-to-time-of-use: a gap between checking a file and using it) that allows attackers to overwrite arbitrary files by creating symlinks (shortcuts to other files) between those two operations. The code also has a potential path validation bypass on Windows systems that may allow absolute paths to be used.
PraisonAI's `FileTools.download_file()` function has a security flaw called SSRF (server-side request forgery, where a server is tricked into making requests to unintended targets) because it doesn't validate URLs before downloading files. An attacker can make it download from internal services or cloud metadata endpoints, potentially stealing credentials or accessing restricted information.
PraisonAI's SubprocessSandbox has a critical security flaw where it uses `shell=True` (a setting that makes subprocess execute commands through a shell) and only blocks certain command names, but doesn't block `sh` or `bash` executables, allowing attackers to escape the sandbox by running commands like `sh -c '<command>'` even in STRICT mode. This means security protections meant to isolate untrusted AI code can be bypassed, giving attackers access to the network, files, and system information.
PraisonAI's `passthrough()` function accepts a user-controlled `api_base` parameter (the server address to send requests to) and uses it without validation when the primary request method fails. This allows an attacker to make the server send requests to any address it can reach, including internal services like cloud metadata servers that contain sensitive credentials, a vulnerability called SSRF (server-side request forgery, where an attacker tricks a server into requesting internal resources). The flaw affects PraisonAI version 1.5.87 and potentially others.
PraisonAI's `run_python()` function has a shell injection vulnerability (a security flaw where attackers can sneak in operating system commands) because it doesn't properly escape shell metacharacters like `$()` and backticks when building commands. An attacker can inject arbitrary OS commands by embedding `$()` in code passed to the function, leading to full command execution on the system.
The `execute_code()` function in PraisonAI uses a sandbox to restrict what Python code can do, but attackers can bypass all three security layers by creating a custom `str` subclass (a modified version of the string type) with an overridden `startswith()` method, allowing them to run arbitrary OS commands on the host system. This is especially dangerous because many deployments auto-approve code execution without human review, so an attacker could trigger the vulnerability silently through indirect prompt injection (sneaking malicious instructions into the AI's input).
datasette-llm 0.1a6 is a plugin (add-on software) that helps integrate LLMs into the datasette data tool. This release simplifies configuration by automatically adding a default model to the allowed models list, so developers don't have to list the same model ID twice.
This is an announcement about datasette-enrichments-llm version 0.2a1, a tool that combines datasette (a database publishing platform), llm (a language model interface), and enrichments (adding extra data to existing information). The post is from Simon Willison dated April 1st, 2026, and appears to be part of a monthly briefing about LLM developments.
ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) versions before 1.21.0 have a symlink traversal vulnerability (a flaw where attackers can follow symbolic links to access files outside the intended model directory), allowing unauthorized reading of files outside the model directory. This vulnerability affects how ONNX loads external data when processing models.
ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) has a security flaw in versions before 1.21.0 where its file-loading function checks for symlinks (shortcuts to files) but misses hardlinks (alternate names pointing to the same file), allowing attackers to bypass path traversal protections (restrictions that prevent accessing files outside an intended folder).
ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) had a vulnerability in versions before 1.21.0 where it didn't properly validate data loaded from model files, allowing an attacker to craft a malicious model that could overwrite internal object properties. An attacker could exploit this by embedding specially crafted metadata (like file paths) into an ONNX model file that would be processed without proper checks.
ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) versions before 1.21.0 have a path traversal vulnerability via symlink (a shortcut that points to files outside its intended folder), allowing attackers to read arbitrary files outside the model or user-provided directory. This vulnerability has a CVSS score (0-10 severity rating) of 8.7, indicating high severity.
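The four ONNX items above share one failure mode: an external-data location that resolves outside the model directory via a symlink, a hardlink, `..`, or (on Windows) an absolute path. The following is an added illustration, not ONNX's own code, of a containment check that rejects all of these; `resolve_external_data` and `self_check` are hypothetical names, and the fixture data is constructed.

```python
import os
import tempfile
from pathlib import Path, PureWindowsPath


def resolve_external_data(base_dir, location: str) -> Path:
    """Return the real path of an external-data file that must live under base_dir.

    Rejects absolute paths (POSIX and Windows forms), `..` escapes, symlinks that leave
    the directory, and hardlinks: a hardlink is just another name for a file that may
    live anywhere on the same filesystem, so realpath containment alone cannot catch it.
    """
    base = Path(base_dir).resolve(strict=True)
    win = PureWindowsPath(location)  # detects "C:\\..." and "\\\\server\\share" even on POSIX
    if os.path.isabs(location) or win.drive or win.root:
        raise ValueError(f"absolute location not allowed: {location!r}")
    resolved = (base / location).resolve(strict=True)  # follows symlinks and collapses '..'
    try:
        resolved.relative_to(base)
    except ValueError:
        raise ValueError(f"{location!r} escapes {base}") from None
    if not resolved.is_file():
        raise ValueError(f"{location!r} is not a regular file")
    # Still a check-then-use window against a concurrent rename; for writes, repeat the
    # checks with os.fstat() on the descriptor opened with O_NOFOLLOW.
    if resolved.stat().st_nlink > 1:
        raise ValueError(f"{location!r} is hardlinked ({resolved.stat().st_nlink} names)")
    return resolved


def self_check() -> dict:
    """Constructed fixture: a model directory, a file outside it, and a symlink plus a
    hardlink inside the directory that both point at the outside file."""
    with tempfile.TemporaryDirectory() as tmp:
        model_dir = Path(tmp) / "model"
        model_dir.mkdir()
        (model_dir / "weights.bin").write_bytes(b"\x00" * 16)
        secret = Path(tmp) / "secret.txt"
        secret.write_text("outside the model directory")
        os.symlink(secret, model_dir / "link.bin")
        os.link(secret, model_dir / "hard.bin")

        def accepted(location: str) -> bool:
            try:
                resolve_external_data(model_dir, location)
                return True
            except (ValueError, OSError):
                return False

        return {"regular": accepted("weights.bin"), "symlink": accepted("link.bin"),
                "hardlink": accepted("hard.bin"), "dotdot": accepted("../secret.txt"),
                "absolute": accepted(str(secret)), "windows": accepted("C:\\Windows\\win.ini")}
```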
PlayStation console prices have risen significantly over five years, breaking the historical trend of consoles becoming cheaper over time. The article argues that AI data centres demanding massive amounts of computing power for RAM and storage have increased hardware costs, contributing to these price hikes alongside other factors like global conflicts and inflation.
Elgato's Stream Deck 7.4 software update now supports MCP (Model Context Protocol, a standard that lets AI assistants interact with software tools), allowing AI chatbots like Claude and ChatGPT to automatically activate Stream Deck buttons instead of requiring manual button presses. Users can now request actions through voice or text, and the AI will trigger the corresponding Stream Deck functions.
Fix: The source text provides a suggested fix that validates URLs by checking that the scheme is http or https, and blocking requests to private/reserved IP ranges (127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) using the `urllib.parse` and `ipaddress` Python modules. The fix includes a `_validate_url()` function that raises a ValueError if a blocked address is detected. Additionally, the code should be updated to call this validation function before passing the URL to `httpx.stream()`, and `follow_redirects=True` should be reconsidered to prevent redirect-based bypasses.
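As an added example, not PraisonAI's code, here is a `_validate_url()` of the shape the fix describes: it allows only http/https and refuses destinations in private, loopback, link-local or otherwise reserved ranges. It goes beyond the five ranges listed above by using the `ipaddress` flags (which also cover IPv6 and IPv4-mapped IPv6 literals) and by resolving hostnames; `is_url_allowed` is a hypothetical convenience wrapper.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_blocked_ip(ip) -> bool:
    # An IPv4-mapped IPv6 literal (::ffff:127.0.0.1) must be judged as its IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_private covers 10/8, 172.16/12, 192.168/16, 169.254/16 and 127/8 (plus fc00::/7
    # and ::1); the remaining flags catch 0.0.0.0, multicast and reserved space.
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def _validate_url(url: str) -> str:
    """Raise ValueError unless url is http(s) to a public address; return the host."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"blocked scheme {parts.scheme!r}")
    host = parts.hostname  # lowercased, brackets stripped from IPv6 literals
    if not host:
        raise ValueError("URL has no host")
    try:
        addrs = {ipaddress.ip_address(host)}
    except ValueError:
        # A hostname: resolve it and check every address it maps to. DNS rebinding can
        # still change the answer between this check and the connection, so connect to
        # the checked IP (or re-validate in a transport hook) rather than resolving again.
        try:
            infos = socket.getaddrinfo(host, parts.port or 80, proto=socket.IPPROTO_TCP)
        except socket.gaierror as exc:
            raise ValueError(f"cannot resolve {host!r}") from exc
        addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    for ip in addrs:
        if _is_blocked_ip(ip):
            raise ValueError(f"{host!r} resolves to blocked address {ip}")
    return host


def is_url_allowed(url: str) -> bool:
    """Boolean wrapper for callers that prefer a check to an exception."""
    try:
        _validate_url(url)
    except ValueError:
        return False
    return True
```

Call `_validate_url(url)` before `httpx.stream(...)`, and pass `follow_redirects=False` so each `Location` header can be validated the same way before it is followed.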
GitHub Advisory Database
Fix: Tokenise the command with `shlex.split(command)` (a function that parses a command string into an argument list using shell quoting rules) and pass that list to `subprocess.run()` with `shell=False`, so no shell interprets the string. Specifically, change `subprocess.run(command, shell=True, ...)` to `subprocess.run(shlex.split(command), shell=False, cwd=cwd, env=env, capture_output=capture_output, text=True, timeout=timeout)`.
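The following added example (not PraisonAI's code) shows the `shlex.split` + `shell=False` pattern from the fix and, in `echo_argument`, demonstrates that `$()`, backticks and `;` then reach the child process as literal text. It also assumes an `allowed_programs` allowlist for argv[0], which the fix itself does not include: with no shell, `sh -c ...` is still a valid argument vector, so tokenising alone does not stop a command string from naming an interpreter.

```python
import shlex
import subprocess
import sys
from pathlib import PurePath


def run_command(command: str, cwd=None, env=None, timeout: float = 30,
                allowed_programs=None) -> subprocess.CompletedProcess:
    """Tokenise `command` with POSIX quoting rules and run it without a shell.

    Without a shell, `;`, `|`, `$()` and backticks are ordinary argument characters.
    `allowed_programs` (hypothetical, not part of the fix) is an allowlist of basenames
    for argv[0], rejecting e.g. "sh -c ..." before anything is executed.
    """
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    program = PurePath(argv[0]).name
    if allowed_programs is not None and program not in allowed_programs:
        raise PermissionError(f"program {program!r} is not on the allowlist")
    return subprocess.run(argv, shell=False, cwd=cwd, env=env,
                          capture_output=True, text=True, timeout=timeout)


def echo_argument(arg: str) -> str:
    """Constructed demonstration: run a child Python that prints its first argument and
    return what it printed, so metacharacters in `arg` can be seen arriving verbatim."""
    command = shlex.join([sys.executable, "-c", "import sys; print(sys.argv[1])", arg])
    return run_command(command).stdout.rstrip("\n")


def interpreter_blocked(command: str) -> bool:
    """True if an allowlist that permits only the `echo` program rejects `command`."""
    try:
        run_command(command, allowed_programs={"echo"})
    except PermissionError:
        return True
    return False
```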
GitHub Advisory Database
Anthropic was developing Claude Mythos, an advanced AI model with improved abilities in vulnerability discovery (finding weaknesses in software) and exploit development (creating tools to attack those weaknesses). This capability means AI can now help attackers find and exploit security flaws more quickly and at larger scale than before, making cyber defense significantly more challenging.
Anthropic accidentally leaked nearly 2,000 internal files and 500,000 lines of code for its Claude Code AI tool due to human error, when an internal file was mistakenly included in a software update and pointed to an archive that was quickly copied to GitHub. The leaked source code spread widely on social media and became GitHub's fastest-ever downloaded repository before Anthropic issued copyright takedown requests to limit its distribution.
Fix: Anthropic issued copyright takedown requests to try to contain the code's spread.
The Guardian Technology
Fix: This issue has been patched in version 1.21.0. Users should upgrade to ONNX version 1.21.0 or later.
NVD/CVE Database
Fix: Update ONNX to version 1.21.0 or later, where this issue has been patched.
NVD/CVE Database
Fix: Update ONNX to version 1.21.0 or later, where this issue has been patched.
NVD/CVE Database
Fix: Update to ONNX version 1.21.0 or later, where this issue has been patched.
NVD/CVE Database
Researcher Hung Nguyen used Anthropic's Claude Code (an AI tool for analyzing code) to quickly discover zero-day exploits (previously unknown security flaws) in Vim and GNU Emacs, two widely used text editors. Claude Code found vulnerabilities that would allow attackers to execute arbitrary code (run commands of the attacker's choosing) simply by tricking users into opening malicious files, and even generated proof-of-concept exploits (working examples of attacks) within minutes.
Fix: For Vim, the vulnerability (CVE-2026-34714, CVSS score 9.2) was fixed by the maintainers in version 9.2.0272. For GNU Emacs, the source states that the maintainers declined to address the issue, considering it a problem with Git instead; Nguyen suggests manual mitigations, but the source does not describe what they are.
CSO Online
This webinar discusses agentic AI (AI systems that can plan and take actions independently to complete tasks), its current capabilities and limitations, and how disconnected applications create identity security vulnerabilities that have led to real breaches. The event explores the 'last mile problem' in identity security, which refers to the final challenge of verifying user identity across systems that don't communicate well with each other.
Traditional enterprise security approaches that simply block access to AI tools and websites create a "Workaround Economy" where employees bypass controls through unmanaged alternatives like personal email or browser extensions, resulting in zero organizational visibility and increased risk. The article argues that blocking tools is ineffective because security tools like firewalls and endpoint agents (software that monitors device activity) either break user experience or remain blind to threats like browser extensions harvesting data, as illustrated by a law firm that blocked DeepSeek but discovered 70% of users had installed invisible AI wrapper extensions routing traffic overseas.