All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Coinbase launched a tool called Coinbase for Agents that allows AI agents (software programs that can make decisions and take actions automatically) like ChatGPT or Claude to execute cryptocurrency trades and make payments on behalf of users using natural language instructions. The tool uses Coinbase's x402 machine-to-machine payments protocol (a system that lets AI agents pay for digital services directly without human involvement) and is expected to expand to stock trading and other financial activities, positioning AI agents as primary economic actors on the internet.
OpenAI announced it is acquiring Ona, a startup that provides secure cloud environments where AI agents (software that independently completes tasks for users) can access tools and information. Ona's technology will enable OpenAI's Codex coding assistant to handle longer-running tasks and help more organizations deploy AI agents into production. The acquisition reflects OpenAI's ongoing investment in Codex, which now has over 5 million weekly active users, as it competes with rival companies like Anthropic.
IBM Langflow OSS versions 1.0.0 through 1.9.1 have a security flaw where authenticated users (those already logged in) can bypass proper access controls using insecure direct object references (IDOR, where an attacker can access other users' data by guessing or modifying object identifiers in requests), allowing them to read or modify sensitive information they shouldn't have access to.
IBM Langflow Desktop versions 1.0.0 through 1.9.2 have a vulnerability called SSRF (server-side request forgery, where an attacker tricks the server into making unauthorized requests on their behalf). An authenticated attacker could use this to perform unauthorized network requests from the system, potentially discovering network information or launching further attacks.
Keras versions before 3.14.0 have a path traversal vulnerability (a security flaw where attackers can access files outside the intended directory) in its archive extraction utilities because the safety checks compare paths against the current working directory instead of the actual extraction destination. When running in environments like Docker containers where the current working directory is set to the filesystem root, attackers can bypass these checks and write malicious files anywhere on the system, potentially compromising configurations, code, and machine learning data.
AI company employees are gaining significant wealth through IPOs (initial public offerings, when private companies sell shares to the public for the first time), which is driving up home prices in the San Francisco Bay Area. Companies like OpenAI and Anthropic are planning IPOs, and their success could create even more demand for housing in an area that already has limited homes available.
Netty's RedisArrayAggregator handler has a bug where it leaks pooled direct-memory buffers (reusable chunks of memory managed by the JVM) when a Redis pipeline connection closes before finishing. The handler doesn't clean up its internal state properly, so buffers can't be returned to the shared memory pool, and repeated connection closures eventually cause all network operations in the program to fail due to memory exhaustion.
ServiceNow discovered and fixed a vulnerability in an unauthenticated API endpoint (a web interface that programs use to request data) that could have exposed customer data without requiring a login. The flaw affected specific ServiceNow instances and was initially reported through a bug bounty program in April, with security updates released to customers in June.
Check Point Research found a critical vulnerability in LangGraph, a widely-used framework (with 46.5 million monthly downloads) that helps developers build AI agents with memory and state management. An SQL injection (a type of attack where malicious database commands are inserted into user input) in LangGraph could let attackers take complete control of a server through remote code execution (RCE, where attackers run arbitrary commands on a system they don't own), potentially exposing API keys, customer data, and conversation history stored on the compromised system.
OpenAI is shifting its focus toward enterprise customers and preparing to go public, while Google and Apple are competing to bring AI features directly to everyday consumers through their existing devices and services. Google and Apple can afford to offer consumer AI for free to keep users in their ecosystems, whereas OpenAI and Anthropic are pursuing profitable enterprise deals with companies willing to pay for AI tools like code-generation software.
Major U.S. AI companies like Anthropic, OpenAI, Google, and others are expanding their offices in London to access the city's deep pool of AI talent and its status as a leading global financial center. London has become one of the world's strongest hubs for frontier AI (cutting-edge artificial intelligence research) talent outside the U.S., partly due to decades of investment anchored by DeepMind and leading universities. However, this expansion is creating challenges, including a significant shortage of high-quality office space expected to continue until 2030 and increased competition for hiring top talent that pressures local startups.
vLLM (an open-source tool for running large language models) versions 0.8.0 and later have a vulnerability where attackers can crash the server by sending a single request with thousands of video frames packed into one data URL. The vulnerability exists because the code that processes video frames doesn't limit how many frames it will try to load into memory, so an attacker can force it to decode so many frames that the server runs out of memory and stops working.
A former engineer at xAI (Elon Musk's AI company) filed a lawsuit claiming he was illegally fired for trying to implement safety mechanisms, known as guardrails (built-in limitations to prevent harmful outputs), on the Grok chatbot. The engineer, Devin Kim, alleges that his efforts to address AI safety risks led to retaliation from company leadership.
Check Point, a security company, has joined OpenAI's Trusted Access for Cyber (TAC) program and Daybreak initiative, which gives vetted security organizations access to OpenAI's AI models for defensive operations. The program aims to help security teams catch threats faster, investigate incidents more accurately, and trust their AI-assisted security results. This represents Check Point's commitment to carefully integrating AI into their security defenses and customer protections.
This bulletin covers multiple serious threats including 3.3 billion stolen credentials from infostealer malware (malware designed to steal passwords and login information), a $5,000-per-month RAT (remote access trojan, malware that lets attackers control a victim's computer) called SilabRAT that clones browser profiles to steal financial data, and a North Korean group conducting hands-on intrusions (attacks where human operators directly control compromised systems) against tech companies. The U.S. Department of Justice also seized 13 domains used to trick government employees into revealing classified information through fake job offers.
Fix: The source mentions one explicit action: 'The U.S. Department of Justice has announced the seizure of 13 internet domains masquerading as consulting companies.' It also provides preventive guidance: 'Anyone approached online with offers of easy income for vague consulting work should treat those overtures with extreme caution and remain vigilant for warning signs of malicious targeting.' Beyond these actions and warnings, no technical patches, software updates, or specific mitigation strategies are discussed in the source text.
The Hacker News
Fix: ServiceNow issued a security update (KB3067321) on June 5 for hosted customers and provided guidance (KB3067372) for self-hosted deployments. Additionally, customers were advised to audit their own Scripted REST API table and review any resources where the "requires_authentication" setting is unchecked, particularly those unchanged since before 2022.
CSO Online
This academic publication examines security vulnerabilities in the mechanisms that deliver software updates to computers and systems. The article, published in June 2026, analyzes how attackers might exploit the update process itself to compromise systems, rather than targeting the software after it's already installed.
Researchers describe a method for creating hidden communication channels within networks by using hash-based filtering to disguise data inside normal-looking network traffic. This technique, called a covert channel (a hidden path for sending information that shouldn't be detectable), could allow attackers to secretly send data through systems without being noticed by security tools.
Anthropic apologized for secretly adding hidden guardrails (safety restrictions that limit what an AI model can do) to Claude Fable 5, which prevented researchers and competitors from fully using the model. The company says it will now be more transparent about when these restrictions activate, even if it means the model refuses more user requests.
Fix: Anthropic will be more transparent about when the restrictions kick in and will reverse course from the hidden guardrail approach.
The Verge (AI)
Google DeepMind and partner organizations are funding $10 million in research to understand the risks of multi-agent systems (multiple AI agents working together), because deploying millions of these agents could create new security threats like scams and prompt injection attacks (where an AI agent is manipulated by hidden malicious instructions). The researchers plan to study these risks by running realistic simulations where AI agents interact in controlled environments called sandboxes, since predicting behavior from studying single agents alone is insufficient.
AI agents (programs that perform tasks automatically) can install third-party skills (add-on packages, like apps on a phone) from public registries, but until now there was no automated way to check if a skill actually does what it claims before it gains access to sensitive data and system commands. Researchers introduced Behavioral Integrity Verification (BIV), a tool that compares what a skill says it does (in its documentation and metadata) against what its code actually does, and found that most skills deviate from their claims, with some containing dangerous multi-stage attack chains (sequences of seemingly harmless capabilities combined to steal credentials, execute unauthorized commands, or secretly extract data).
Fix: Security teams running LLM agents in production should inventory the third-party skills installed and require a behavioral-integrity check before installation rather than after. Palo Alto Networks customers can use Prisma AIRS and the Unit 42 AI Security Assessment service for protection.
Palo Alto Unit 42