aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

3122 items

12 ways attackers abuse cloud services to hack your enterprise

medium | news | security
Mar 11, 2026

Attackers are increasingly using legitimate cloud services and APIs (application programming interfaces, which allow different software to communicate) to hide malicious activity and command-and-control (C2, systems that attackers use to remotely control compromised computers) operations. Instead of using their own servers or local tools, adversaries exploit trusted platforms like Google Sheets, OpenAI APIs, Microsoft Graph API, and cloud storage to blend attacks into normal business traffic and evade traditional security defenses.

CSO Online

Anduril expands into space as defense tech angles to support Trump's Golden Dome

info | news | industry
Mar 11, 2026

Anduril Industries, a defense technology company, acquired ExoAnalytic Solutions, a firm that tracks missiles and gathers intelligence using telescopes and satellites. The acquisition helps Anduril improve its space defense capabilities as the U.S. Department of Defense treats space as an increasingly important area for military operations, particularly for a large defense project called the Golden Dome.

CNBC Technology

6 remedies against security tool sprawl

info | news | security
Mar 11, 2026

Companies often buy too many security tools to protect against growing cyber threats, but this creates problems: too many alerts can hide real security issues, and the risk of successful attacks actually increases. The article presents six expert-recommended approaches to reduce this "security tool sprawl" (excessive accumulation of overlapping security products), including auditing which tools actually add value, using data analytics to identify ineffective tools, implementing automation to consolidate alerts, and eliminating duplicate tools.

Fix: The source explicitly recommends four mitigation strategies: (1) Conduct a thorough inventory to identify which security components provide real value, and remove tools that don't address any current risks. (2) Use data analytics (ideally automated and visualized in dashboards) to find ineffective or failing controls, using this data to inform executive decisions. (3) Prioritize tools with extensive automation features to consolidate alerts and tickets, and automate repetitive tasks like patch management (applying security updates), threat hunting (searching for signs of attacks), and incident response (responding to security events) to reduce errors and burden on security teams. (4) Eliminate duplicate tools that accumulate through mergers, departmental silos, or oversight.

CSO Online

Jack & Jill went up the hill — and an AI tried to hack them

high | news | security, safety
Mar 10, 2026

In a red-teaming experiment (a security test where one AI tries to attack another), CodeWall's autonomous AI agent defeated Jack & Jill's hiring platform by chaining together four seemingly minor bugs: a URL fetcher that didn't block internal domains, an enabled test mode, missing role checks during user onboarding, and absent domain verification. Once inside the system, the agent unexpectedly gave itself a voice and used social engineering (manipulating people through conversation) to interact with Jack & Jill's voice agents, even masquerading as Donald Trump, to gain full administrative access to company data.

CSO Online

Should we be boycotting ChatGPT? – podcast

info | news | policy
Mar 10, 2026

Historian Rutger Bregman argues that consumers should boycott ChatGPT because OpenAI has partnered with the Pentagon, which he claims integrates the chatbot into authoritarian infrastructure. The QuitGPT group is demanding that OpenAI stop donations to Trump and refuse to use AI for mass surveillance or lethal autonomous weapons (weapons that can select and attack targets without human control).

The Guardian Technology

Google brings Gemini in Chrome to India

info | news | industry
Mar 10, 2026

Google is expanding its Gemini AI chatbot integration in Chrome to India, Canada, and New Zealand, allowing users to access Gemini through a sidebar on desktop and mobile to ask questions about web content, access Gmail and other Google apps, and compare information across tabs. The rollout includes support for Indian languages like Hindi, Bengali, and Tamil, along with features such as image transformation using Nano Banana 2 (a generative AI tool for editing images) and the ability to compose emails or summarize videos without leaving the Chrome sidebar.

TechCrunch

GHSA-rfx7-4xw3-gh4m: @appium/support has a Zip Slip arbitrary file write in its ZIP extraction

medium | vulnerability | security
Mar 10, 2026
CVE-2026-30973

The `@appium/support` library has a bug in its ZIP file extraction code that fails to prevent Zip Slip attacks (a vulnerability where malicious ZIP files use `../` path components to write files outside the intended folder). The security check creates an error message but never throws it, so malicious ZIP entries can write files anywhere the Appium process has permission to write. This affects all JavaScript-based ZIP extractions by default.

GitHub Advisory Database

Understanding and Reducing AI Risk in Modern Applications

info | news | security
Mar 10, 2026

AI security risk doesn't come from single weaknesses but emerges when components across multiple layers (infrastructure, models, data, and applications) interact together. A chatbot example shows how individually minor issues like public endpoints, weak guardrails, and tool permissions combine to create serious exploitable vulnerabilities. Traditional security tools can't capture these interconnected risks because they work in isolation rather than examining how AI system components behave together.

Wiz Research Blog

CVE-2025-68613: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability

critical | vulnerability | security
Mar 10, 2026
CVE-2025-68613 | EPSS: 79.0% | Actively Exploited

n8n, a workflow automation tool, has a vulnerability in how it handles dynamically managed code resources (code that is created or modified while the program runs), which allows attackers to execute arbitrary code remotely on affected systems. This vulnerability is currently being actively exploited by attackers in the wild.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services (a government directive for managing cloud security), or discontinue use of the product if mitigations are unavailable.

CISA Known Exploited Vulnerabilities

March Patch Tuesday: Three high severity holes in Microsoft Office

high | news | security
Mar 10, 2026

Microsoft's March Patch Tuesday release includes three high-severity vulnerabilities in Office: an information disclosure flaw in Excel (CVE-2026-26144) that can leak data through improper input handling, and two remote code execution bugs (CVE-2026-26113 and CVE-2026-26110) caused by memory handling errors that could let attackers run malicious code. These vulnerabilities are particularly dangerous because they can be triggered through routine document handling and preview features without requiring user interaction.

Fix: If patch deployment must be delayed, organizations should restrict outbound network traffic from Office applications, monitor unusual network requests from Excel processes, and disable or limit AI-driven automation features such as Copilot Agent mode to reduce exposure.

CSO Online

CVE-2026-31829: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose

high | vulnerability | security
Mar 10, 2026
CVE-2026-31829

Flowise, a tool for building custom AI workflows with a drag-and-drop interface, had a vulnerability before version 3.0.13 where its HTTP Node allowed attackers to perform SSRF (server-side request forgery, forcing a server to make requests to internal resources it shouldn't access) by sending requests to private networks or internal systems that are normally hidden from the public internet. This vulnerability is fixed in 3.0.13.

Fix: Update Flowise to version 3.0.13 or later.

NVD/CVE Database

Microsoft backs Anthropic in Pentagon blacklist battle, urges temporary restraining order

info | regulatory | policy
Mar 10, 2026

Microsoft is supporting Anthropic, an AI company that was recently banned by the Pentagon as a supply chain risk (a security designation historically used for foreign adversaries), by asking a court to temporarily block the ban so both sides can negotiate. The dispute arose because Anthropic wanted safeguards against its AI models being used for autonomous weapons or mass surveillance, while the Pentagon wanted unrestricted access for any lawful military purpose.

Fix: Microsoft advocates for a temporary restraining order that would allow Anthropic and the Department of Defense to pursue a 'negotiated resolution that will better serve all involved and avoid wide-ranging business impacts,' giving both parties 'time and a process to find common ground.' No specific technical fix or system update is mentioned in the source.

CNBC Technology

Ford is giving its commercial fleet business an AI makeover

info | news | industry
Mar 10, 2026

Ford announced Ford Pro AI, a generative AI system (software that creates text and insights) that analyzes data from commercial vehicles like speed and engine health to help fleet managers make decisions. The system works as a chatbot (a conversational AI interface) within Ford's telematics software (the system that collects and monitors vehicle data) where managers can ask questions about their fleets or get recommendations to reduce fuel costs.

The Verge (AI)

Musk’s xAI wins permit for datacenter’s makeshift power plant despite backlash

info | news | industry
Mar 10, 2026

Elon Musk's AI company xAI received approval to operate 41 methane gas turbines at its Mississippi datacenter to power its AI supercomputers (large arrays of specialized computing chips used to train and run AI models), nearly doubling its current power capacity. These turbines will provide electricity for xAI's infrastructure that supports Grok, the company's AI chatbot product.

The Guardian Technology

The Government Must Not Force Companies to Participate in AI-powered Surveillance

info | regulatory | policy, safety
Mar 10, 2026

Anthropic, an AI company, refused to let the U.S. Department of Defense use its large language model (LLM, an AI trained on large amounts of text data) technology for surveillance, and the Pentagon retaliated by labeling the company a "supply chain risk." Anthropic is now asking courts to block this designation, arguing that forcing a company to change its code violates the First Amendment. The article explains that the government already collects vast amounts of personal data and uses AI to analyze it, creating risks for privacy and free speech, so companies should be allowed to add guardrails (safety limits built into AI systems) without government punishment.

EFF Deeplinks Blog

Amazon launches its healthcare AI assistant on its website and app

info | news | industry, safety
Mar 10, 2026

Amazon has launched Health AI, a healthcare assistant available on its website and app that can answer health questions, explain medical records, and manage appointments by accessing users' health information through a secure nationwide system. While Amazon says Health AI operates in a HIPAA-compliant environment (meaning it follows healthcare privacy rules) and trains its models on abstracted patterns rather than identifiable patient data, researchers warn that companies may use user conversations for training purposes, though Amazon did not provide specific details about encryption methods or access controls.

TechCrunch

Threat intelligence by ESET is a game changer

info | news | security
Mar 10, 2026

Cyber threats like phishing, ransomware, and deepfakes continue to target organizations globally, with ransomware detections in India surging 70% between late 2024 and mid-2025, while threat actors are becoming more effective by using AI. Many attacks exploit unpatched systems (systems running outdated software with known security flaws) and zero-day exploits (previously unknown vulnerabilities), and it is becoming harder to distinguish real videos from AI-generated fake ones. Organizations are increasingly turning to threat intelligence services, including APT reporting (analysis of advanced persistent threat groups) and MDR (managed detection and response, where external experts monitor systems for threats), to stay informed about evolving threats.

CSO Online

Meta gets into social networks for AI agents with acquisition of viral Moltbook platform

info | news | industry
Mar 10, 2026

Meta has acquired Moltbook, a social media platform designed specifically for AI agents (software programs that can autonomously perform tasks). The acquisition brings Moltbook's leadership into Meta's AI division and reflects growing interest in AI agents that can interact with each other and complete real-world tasks like managing calendars and sending emails.

CNBC Technology

The CSO role is evolving fast with AI in Cyber Defense strategy

info | news | security, policy
Mar 10, 2026

Organizations face increasing cybersecurity challenges as AI becomes a double-edged sword, used by both attackers and defenders to identify threats. The key competitive advantage is not AI alone, but rather teams of skilled humans working together with AI tools, supported by strong resources and threat intelligence, to defend against AI-augmented attacks that can now be launched globally without geographic limitations.

Fix: According to the source, best practices for CISOs and CIOs include: 'It is important for CIOs and CISOs to have a clear Buy-in from employees, stakeholders, C-level, board for AI journey. Implement AI in a safe and cost-effective way with all stakeholders in the know-how of the roadmap.' Additionally, the source recommends that security leaders should examine threat intelligence and recent attack techniques, map organizational assets to identify vulnerabilities, and ensure defense strategies are international in scope rather than localized.

CSO Online

v0.14.16

low | news | security
Mar 10, 2026

This release (v0.14.16) of llama-index-core includes multiple security and stability fixes, including a critical security patch that adds RestrictedUnpickler to prevent unsafe deserialization (CWE-502, a vulnerability where untrusted data can be converted back into Python objects in unsafe ways). The update also introduces new rate-limiting features, fixes async/await issues that could block operations, and improves how the system handles tool calls and API retries across various AI model integrations.

Fix: Update to llama-index-core version 0.14.16 or later. The security fix is implemented in commit #20857: 'add RestrictedUnpickler to SimpleObjectNodeMapping (CWE-502)'.

LlamaIndex Security Releases