All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Citrix NetScaler contains an out-of-bounds read vulnerability (a memory access bug where software reads past the boundaries of allocated memory) in its SAML IDP (SAML identity provider, which authenticates users) component, potentially exposing sensitive data. This vulnerability is currently being actively exploited by attackers in the wild. The vulnerability affects multiple NetScaler products including NetScaler ADC, NetScaler Gateway, and their FIPS and NDcPP variants.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Consult the Citrix Security Bulletin (CTX696300) for detailed patching information.
Source: CISA Known Exploited Vulnerabilities
OpenAI and partner organizations held an 'AI Jam' workshop in Bangkok with 50 disaster management leaders from 13 Asian countries to explore practical ways AI can improve emergency response. The workshop focused on building custom GPTs (customized versions of ChatGPT; GPT stands for generative pre-trained transformer) and workflows for tasks like situation reporting and needs assessment, addressing how disaster response teams in resource-constrained environments with fragmented data can work faster and more effectively.
Bluesky has released Attie, a new AI assistant powered by Claude (Anthropic's language model) that helps users create custom feeds using natural language instructions instead of traditional algorithmic settings. Users can describe what content they want to see, like 'posts about folklore, mythology, and traditional music, especially Celtic traditions,' and Attie builds a personalized feed based on that description, with plans to integrate it into Bluesky and other apps built on the AT Protocol (Bluesky's underlying technical foundation).
AVideo's payment plugins have a critical vulnerability where `list.json.php` endpoints (which retrieve payment transaction records) lack authentication checks, allowing anyone to access sensitive financial data including PayPal tokens, Authorize.Net webhook details, Bitcoin transaction records, and user IDs without logging in. This is the same type of vulnerability that was previously fixed in the Scheduler plugin, but the fix was not applied to 21 other vulnerable endpoints across the codebase.
A vulnerability (CVE-2026-5002) was discovered in PromtEngineer localGPT that allows injection attacks (crafted input that the component interprets as instructions or code rather than as data) through the LLM Prompt Handler component in the backend/server.py file. The vulnerability can be exploited remotely, and exploit code has been publicly released. The vendor has not responded to disclosure attempts, and because the product uses rolling releases (continuous updates without traditional version numbers), specific patch information is unavailable.
The Iran war is driving demand for lower-cost military technology, particularly drones and counter-drone systems, as the U.S. military realizes it cannot afford expensive responses to cheap threats. Defense tech companies like Anduril, Palantir, and others are gaining Pentagon contracts to develop systems such as LUCAS (a low-cost drone costing about $35,000) and laser counter-drone technology, though these tools currently represent less than 1% of overall defense spending.
OpenAI discontinued its Sora video-generation app and canceled plans to add video generation to ChatGPT, also ending a $1 billion deal with Disney. The company made these decisions because Sora was consuming large amounts of computational resources without generating enough revenue to justify the expense, as OpenAI focuses on becoming profitable.
A vulnerability (CVE-2026-4993) was found in wandb OpenUI up to version 1.0 where manipulating the LITELLM_MASTER_KEY argument in the backend/openui/config.py file can expose hard-coded credentials (passwords stored directly in the code). This vulnerability requires local access to exploit and has already been publicly disclosed, though the vendor did not respond to early notification.
Giskard Agents contain a server-side template injection vulnerability in the `ChatWorkflow.chat()` method, which treats user input as Jinja2 template code (a templating language that processes special syntax) instead of plain text. If a developer passes user-provided data directly to this method, an attacker can execute arbitrary code on the server by embedding malicious Jinja2 syntax in their input.
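The following is an added example, not Giskard's code, showing what the `ChatWorkflow.chat()` pattern does when an untrusted string reaches Jinja2 as template source, and how the two mitigations behave: the `SandboxedEnvironment` swap the fix below describes, and the stronger option of passing user input only as a template variable. The probe payload is constructed for the demo; it counts classes reachable through the usual `__class__`/`__mro__` traversal instead of running a command.

```python
# Added example (not Giskard's code): untrusted text as Jinja2 template source,
# versus the sandboxed and data-only alternatives.
from typing import Optional

from jinja2 import Environment
from jinja2.exceptions import SecurityError
from jinja2.sandbox import SandboxedEnvironment

# Constructed probe payload. It only counts the classes reachable from
# object.__subclasses__(); a real exploit walks that list for a class that
# wraps os.popen or subprocess.Popen and calls it with a shell command.
PROBE = "{{ ''.__class__.__mro__[1].__subclasses__() | length }}"


def render_unsandboxed(user_input: str) -> str:
    """Vulnerable pattern: the user-controlled string *is* the template source,
    so Jinja2 expressions inside it run with full Python object access."""
    return Environment().from_string(user_input).render()


def render_sandboxed(user_input: str) -> Optional[str]:
    """Mitigation 1 (the advisory's fix): SandboxedEnvironment treats any
    attribute starting with '_' as unsafe, so the __class__/__mro__ traversal
    raises SecurityError before a Python object is reached.
    Returns None when the template was blocked."""
    try:
        return SandboxedEnvironment().from_string(user_input).render()
    except SecurityError:
        return None


def render_as_data(user_input: str) -> str:
    """Mitigation 2 (preferred): the template text is fixed and developer-owned;
    user input is passed as a variable, so it is never parsed as template syntax."""
    template = SandboxedEnvironment().from_string("User said: {{ message }}")
    return template.render(message=user_input)


if __name__ == "__main__":
    print("unsandboxed:", render_unsandboxed(PROBE))  # a positive integer
    print("sandboxed:  ", render_sandboxed(PROBE))    # None
    print("as data:    ", render_as_data(PROBE))      # the probe echoed verbatim
```

The sandbox stops the traversal, but it still lets user input drive template logic (loops, filters, lookups of anything exposed in the render context), so treating user text as data rather than template source is the safer default whenever the template does not genuinely need to be user-authored.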
STADLER, a 230-year-old recycling equipment company, embedded ChatGPT (an AI language model that generates human-like text) across its workforce to speed up knowledge work like drafting, summarizing, and translating. The company achieved 30-40% time savings on common tasks, 2.5x faster first drafts, and 85% daily active usage by providing company-wide access, training, and clear guardrails while encouraging bottom-up experimentation.
Langflow, a tool for building AI-powered agents and workflows, had a vulnerability in versions before 1.9.0 where the Agentic Assistant feature would execute Python code generated by an LLM (large language model) on the server. An attacker who could access this feature and control what the model outputs could run arbitrary code (malicious commands) on the server itself.
Fleet's host transfer API has a broken access control vulnerability (a flaw where permission checks don't work properly) that lets a team maintainer steal hosts from other teams by transferring them without authorization checks. Once stolen, the attacker can control the devices and run scripts with root privileges (the highest permission level), breaking team isolation in multi-tenant deployments (systems serving multiple separate organizations).
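The point the Fleet item makes is that a transfer must be authorized against the team each host is leaving, not only the team it is joining. The example below is an added, hypothetical model written for this page, not Fleet's own API or role model; the `User`, `Inventory`, roles and audit records are all constructed. It shows the destination-only check beside the corrected one, and a small detection over transfer records that matches the "audit host transfer activity" advice in the fix note.

```python
# Added example (hypothetical model, not Fleet's code): authorising a bulk
# host transfer between teams. Roles and inventory are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class User:
    name: str
    maintainer_of: Set[int] = field(default_factory=set)  # team ids the user may manage
    is_global_admin: bool = False


@dataclass
class Inventory:
    host_team: Dict[int, int]  # host_id -> team_id it currently belongs to


class Forbidden(Exception):
    """Raised for any authorisation failure, including unknown host ids, so a
    caller cannot use the error to enumerate which hosts exist in other teams."""


def can_manage(user: User, team_id: int) -> bool:
    return user.is_global_admin or team_id in user.maintainer_of


def transfer_hosts_vulnerable(user: User, inv: Inventory,
                              host_ids: List[int], target_team: int) -> int:
    """Broken access control: only the *destination* team is authorised. A
    maintainer of team 2 can pull any team's hosts into team 2 and, from there,
    run scripts on them. Returns the number of hosts moved."""
    if not can_manage(user, target_team):
        raise Forbidden("not a maintainer of the target team")
    for h in host_ids:
        inv.host_team[h] = target_team
    return len(host_ids)


def transfer_hosts_fixed(user: User, inv: Inventory,
                         host_ids: List[int], target_team: int) -> int:
    """Authorise the target team AND the current team of every host before
    mutating anything, so a batch containing one foreign host is rejected whole."""
    if not can_manage(user, target_team):
        raise Forbidden("not a maintainer of the target team")
    for h in host_ids:
        src = inv.host_team.get(h)
        if src is None or not can_manage(user, src):
            raise Forbidden("not a maintainer of every host's current team")
    for h in host_ids:
        inv.host_team[h] = target_team
    return len(host_ids)


def attempt(fn, *args) -> str:
    """Run a transfer and report the outcome as a string (used by the demo and tests)."""
    try:
        return f"moved {fn(*args)}"
    except Forbidden:
        return "forbidden"


def suspicious_transfers(log: List[dict], users: Dict[str, User]) -> List[dict]:
    """Detection for the 'audit transfer activity' advice, over constructed audit
    records {actor, host_id, from_team, to_team}: flag every transfer whose actor
    could not manage the team the host came from."""
    return [rec for rec in log
            if not can_manage(users[rec["actor"]], rec["from_team"])]


if __name__ == "__main__":
    alice = User("alice", {2})                 # maintainer of team 2 only
    inv = Inventory({1: 1, 2: 1, 3: 2})        # hosts 1,2 in team 1; host 3 in team 2
    print(attempt(transfer_hosts_vulnerable, alice, inv, [1, 2], 2))  # moved 2
    print(attempt(transfer_hosts_fixed, alice, inv, [3], 2))          # moved 1
```

Two details matter in the fixed version: the authorization loop completes before any mutation, so a request is all-or-nothing, and an unknown host id produces the same `Forbidden` as a foreign one, which keeps the transfer endpoint from doubling as an existence oracle for other teams' hosts.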
Nanobot, a personal AI assistant, had a vulnerability in its email module that allowed attackers to send malicious prompts via email, which the bot would automatically process as trusted commands without the owner's knowledge. This is a type of indirect prompt injection (tricking an AI by hiding instructions in its input) that could let attackers run arbitrary system tools through the bot. Version 0.1.6 fixes this flaw.
LibreChat versions 0.8.2-rc1 through 0.8.3-rc1 have a vulnerability where user-created MCP (Model Context Protocol, a system for connecting AI models to external tools) servers can steal OAuth tokens (security credentials used for authentication). An attacker can create a malicious MCP server with special headers that trick LibreChat into substituting sensitive tokens, which are then leaked when victims use tools on that server.
LibreChat (a ChatGPT alternative with extra features) versions 0.8.2-rc2 through 0.8.2-rc3 have a security flaw in the SSE streaming endpoint (a real-time data connection) at `/api/agents/chat/stream/:streamId` that fails to check if a user actually owns a chat stream. This means any logged-in user can guess or obtain another user's stream ID and read their live conversations, including messages and AI responses, without permission.
LibreChat (a ChatGPT alternative with extra features) versions 0.8.2-rc2 through 0.8.2 have a vulnerability that allows attackers to access internal systems through SSRF (server-side request forgery, where an attacker tricks a server into making requests to resources it shouldn't access). Even though a previous SSRF fix was applied, it only checked domain names and didn't verify whether those names actually point to private IP addresses (internal network addresses), leaving the system exposed.
LibreChat, a ChatGPT alternative with extra features, has a security flaw in versions before 0.8.3 where a function called `isPrivateIP()` fails to recognize IPv4-mapped IPv6 addresses (IPv6 addresses that contain IPv4 address information) in a certain format, allowing logged-in users to bypass SSRF protection (SSRF is server-side request forgery, where an attacker tricks a server into making requests to internal networks it shouldn't access). This could let attackers access sensitive internal resources like cloud metadata services and private networks.
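The two LibreChat SSRF items above describe a hostname-only check that never resolves the name and a private-IP check that does not unwrap IPv4-mapped IPv6 addresses. The example below is added for this page and is not LibreChat's code; it uses the Python standard library's `ipaddress` module to show a check with the same blind spot beside one that closes both gaps. The resolver is a constructed dictionary so the code runs offline; the hostnames and addresses in it are made up for the demo.

```python
# Added example (not LibreChat's code): a naive private-IP check with the
# IPv4-mapped IPv6 blind spot, and a hardened URL check that also resolves names.
import ipaddress
from typing import Callable, List
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline. A real resolver
# calls socket.getaddrinfo() and the check must cover *every* returned address.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.attacker.example": ["169.254.169.254"],        # resolves to cloud metadata
    "dual.attacker.example": ["93.184.216.34", "10.0.0.5"],  # one public, one private
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def is_private_ip_naive(ip: str) -> bool:
    """The class of bug described above: only IPv4 text is parsed, so
    '::ffff:169.254.169.254' is not recognised and falls through as 'public'."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback or addr.is_link_local


def is_private_ip(ip: str) -> bool:
    """Hardened check: parse IPv4 or IPv6, unwrap IPv4-mapped (::ffff:a.b.c.d,
    also written ::ffff:a9fe:a9fe), 6to4 and Teredo forms to the embedded IPv4
    address, then reject everything that is not a global unicast address."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable input fails closed
    if isinstance(addr, ipaddress.IPv6Address):
        if addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        elif addr.sixtofour is not None:
            addr = addr.sixtofour
        elif addr.teredo is not None:
            addr = addr.teredo[1]  # (server, client): the client is the real host
    return (not addr.is_global or addr.is_multicast
            or addr.is_reserved or addr.is_unspecified)


def url_is_safe(url: str, resolve: Callable[[str], List[str]] = fake_resolve) -> bool:
    """Decide whether a server-side fetch of `url` may proceed. Literal IPs are
    checked directly; hostnames are resolved and every address must be public."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname  # urlsplit already strips the [] around IPv6 literals
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not a literal address; resolve it below
    else:
        return not is_private_ip(host)
    if host == "localhost" or host.endswith(".localhost"):
        return False
    addrs = resolve(host)
    return bool(addrs) and all(not is_private_ip(a) for a in addrs)


if __name__ == "__main__":
    for probe in ("169.254.169.254", "::ffff:169.254.169.254", "::ffff:a9fe:a9fe"):
        print(probe, "naive:", is_private_ip_naive(probe), "hardened:", is_private_ip(probe))
    print(url_is_safe("http://metadata.attacker.example/latest/meta-data/"))  # False
```

Resolving and then connecting separately still leaves a DNS-rebinding window; in production, pin the connection to the address that passed the check (or validate inside the HTTP client's connection hook) and re-run the check on every redirect target.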
Companies like Samsung are posting ads on TikTok that appear to be made with generative AI (AI systems that create images or videos from text descriptions), but they're not adding the required AI disclosure labels that TikTok's advertising policies demand. This means users can't easily tell whether the ads they see are AI-generated or made by humans, even though the companies creating them know the truth.
RanDS is a new large-scale dataset containing raw binary files (the compiled machine code of programs) and extracted features designed to help researchers study and detect ransomware (malicious software that encrypts victims' files and demands payment). This resource aims to support the development and testing of machine learning models that can identify ransomware threats more effectively.
AI researchers report that online creators are using generative AI (artificial intelligence that creates images or videos from text descriptions) to produce fake images and videos of real political figures and entirely fabricated people, sometimes in military or sexualized contexts, to earn money and spread propaganda. These deepfakes (AI-generated fake media of people) are influential in shaping public perception of political figures, even when viewers know the content is not real.
Fix (Giskard Agents server-side template injection): Update to giskard-agents version 0.3.4 (stable branch) or 1.0.2b1 (pre-release branch). The fix replaces the unsandboxed Jinja2 Environment with SandboxedEnvironment, which blocks access to attributes starting with underscores and prevents the class traversal attacks that enable remote code execution.
Source: GitHub Advisory Database
Fix (Langflow Agentic Assistant code execution, versions before 1.9.0): Update to version 1.9.0, which fixes the issue.
Source: NVD/CVE Database
Fix (Fleet host transfer API broken access control): Upgrade to a patched version of Fleet. The source states: 'There is no workaround for this issue short of upgrading to a patched version.' As a precaution, organizations should audit host transfer activity in their Fleet logs for unexpected team reassignments.
Source: GitHub Advisory Database
Fix (Nanobot email-channel prompt injection): Update nanobot to version 0.1.6 or later, which patches the vulnerability in the email channel processing module.
Source: NVD/CVE Database
Fix (LibreChat MCP server OAuth token leak, versions 0.8.2-rc1 through 0.8.3-rc1): Update to version 0.8.3-rc2, which fixes the issue.
Source: NVD/CVE Database
Fix (LibreChat SSE stream ownership check, versions 0.8.2-rc2 through 0.8.2-rc3): Version 0.8.2 patches the issue.
Source: NVD/CVE Database
Fix (LibreChat SSRF hostname-only check, versions 0.8.2-rc2 through 0.8.2): Update to version 0.8.3-rc1, which contains a patch for this vulnerability.
Source: NVD/CVE Database
Fix (LibreChat `isPrivateIP()` IPv4-mapped IPv6 bypass, versions before 0.8.3): Update LibreChat to version 0.8.3, which fixes the issue.
Source: NVD/CVE Database