aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6373 items

Large language model (LLM) for software security: Code analysis, malware analysis, reverse engineering

info | research | Peer-Reviewed
research | security
Mar 16, 2026

This is a review article examining how Large Language Models (LLMs, AI systems trained on vast amounts of text to understand and generate language) are being used in cybersecurity to analyze malware (harmful software designed to damage systems). The article surveys recent research on using LLMs for malware detection, understanding malicious code structure, reverse engineering (the process of analyzing compiled software to understand how it works), and identifying patterns of malicious behavior.

Elsevier Security Journals

VFEFL: Privacy-preserving federated learning against malicious clients via verifiable functional encryption

info | research | Peer-Reviewed
security | research
Mar 16, 2026

Federated learning (a scheme in which multiple parties train a model together without sharing their raw data) faces two major security problems: attackers can extract information from the local models that clients upload, and malicious clients can sabotage training by submitting poisoned models. This paper proposes VFEFL, a federated learning scheme that uses verifiable functional encryption (encryption that lets a party check that a computation over encrypted data was performed correctly without decrypting it) to protect client data privacy while detecting and defending against attacks from dishonest participants.

Fix: The paper proposes VFEFL (a privacy-preserving federated learning scheme based on verifiable functional encryption) as the solution. According to the source, VFEFL 'employ[s] a verifiable functional encryption scheme to encrypt local models in the federated learning, ensuring data privacy and correctness during encryption and decryption' and 'enables verifiable client-side aggregated weights and can be integrated into standard federated learning architectures to enhance trust.' The source states that 'experimental results demonstrate that VFEFL effectively defends against such attacks while preserving model privacy' under both targeted and untargeted poisoning attacks.

Elsevier Security Journals

Towards few-shot malware classification with fine-grained and pattern-aware multi-prototype network

info | research | Peer-Reviewed
research
Mar 16, 2026

This research paper proposes FIPAPNet, a machine learning system for classifying malware when only a few samples are available, which matters because new malware variants often appear with very few examples. The system combines few-shot learning (training from minimal labelled data) with dynamic features such as system call sequences and reports 93% accuracy in early-stage malware detection. The goal is to let defenders respond to zero-day attacks (new, previously unknown malware) without collecting hundreds of samples to retrain their detection models.

Elsevier Security Journals

Vuln2Action: An LLM-based framework for generating vulnerability reproduction steps and mapping exploits

info | research | Peer-Reviewed
research | security
Mar 16, 2026

Vuln2Action is an LLM-based framework designed to help security testers reproduce vulnerabilities and map exploits more systematically. The paper addresses a key challenge in penetration testing (controlled simulations of cyberattacks to find security weaknesses): vulnerability reproduction is time-consuming and relies heavily on manual expertise, yet public exploits exist for less than 1% of known vulnerabilities. While LLMs show promise for analyzing large amounts of threat data, the authors found that current models often refuse to provide exploit-related guidance because of built-in safety restrictions.

Elsevier Security Journals

Multi-modal malware classification with hierarchical consistency and saliency-constrained adversarial training

info | research | Peer-Reviewed
research | security
Mar 16, 2026

This paper discusses the growing challenge of malware (malicious software designed to exploit vulnerabilities in computer systems) detection, noting that over 450,000 new malware samples are detected daily as of 2024. Traditional detection methods have limitations: signature-based detection (matching known byte patterns against a database) fails against new or obfuscated malware, while behavior-based detection (running samples in isolated environments to observe their actions) is computationally expensive and can be evaded by malware that detects virtual environments. The paper proposes machine learning and deep learning approaches trained on features from both static and dynamic analysis to classify files as malicious or benign.

Elsevier Security Journals

Personalized differential privacy for high-dimensional data: A random sampling and pruning privacy tree approach

info | research | Peer-Reviewed
security | privacy
Mar 16, 2026

This paper discusses differential privacy (DP, a mathematical framework that adds calibrated noise to data or query results to protect individuals while keeping the data useful), which gives stronger guarantees than traditional anonymization techniques such as generalization and suppression. The authors address a key challenge: existing DP methods struggle with high-dimensional data (datasets with many features) and treat all features equally, even though real-world data has varying privacy needs; in medical records, for example, disease diagnoses need more protection than age.

Elsevier Security Journals

A hybrid machine learning and cryptography-based predictive probability model for enhancing security and privacy in cloud-IoT environment

info | research | Peer-Reviewed
research
Mar 16, 2026

This item is a biography of Dr. Kamta Nath Mishra, an academic researcher with over 25 years of experience in computer science. While the title mentions a hybrid machine learning and cryptography model for cloud-IoT (Internet of Things, networked physical devices) security, the provided content contains only his educational background and career history, with no technical details about the security research itself or any vulnerabilities.

Elsevier Security Journals

v0.14.18 (LlamaIndex)

low | news
security
Mar 16, 2026

LlamaIndex v0.14.18 drops support for Python 3.9 across multiple packages and includes several bug fixes, such as preserving chat history when a streamed response is cut off and preventing division-by-zero errors. The release also adds features such as improved text filtering across database backends and updates dependencies across 51 package directories.

LlamaIndex Security Releases

CVE-2026-4269 - Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit

high | vulnerability
security
Mar 16, 2026

The Bedrock AgentCore Starter Toolkit (a tool for building AI agents on AWS) before version v0.1.13 does not properly verify ownership of the S3 bucket it uses (S3 is AWS's object storage service). This missing check could allow an attacker to inject malicious code into the build process, potentially leading to code execution in the deployed agent. The vulnerability only affects users who ran builds with the toolkit after September 24, 2025.

Fix: Update to Bedrock AgentCore Starter Toolkit version v0.1.13 or later.

AWS Security Bulletins

Where OpenAI’s technology could show up in Iran

info | news
policy | security
Mar 16, 2026

OpenAI has agreed to allow the Pentagon to use its AI technology in classified military environments, raising questions about potential applications in the escalating conflict with Iran. The article describes how OpenAI's generative AI (AI that produces text, images, or other outputs based on patterns learned from data) could be used to help analyze potential military targets and prioritize strikes, and, through a partnership with Anduril, to defend against drone attacks, marking the first serious military testing of generative AI for real-time combat decisions.

MIT Technology Review

Encyclopedia Britannica is suing OpenAI for allegedly ‘memorizing’ its content with ChatGPT

info | news
security | policy
Mar 16, 2026

Encyclopedia Britannica and Merriam-Webster sued OpenAI, claiming it used their copyrighted content to train ChatGPT without permission and that GPT-4 (OpenAI's model) now outputs text that closely matches their original material. The publishers allege that OpenAI 'memorized' their content during training, meaning the model absorbed and can reproduce substantial portions of their work.

The Verge (AI)

GHSA-r5pr-887v-m2w9: Stored XSS in Memray-generated HTML reports via unescaped command-line metadata

low | vulnerability
security
Mar 16, 2026
CVE-2026-32722

Memray versions 1.19.1 and earlier have a stored XSS vulnerability (malicious markup is persisted in the capture data and executes whenever the report is viewed) in their HTML reports, because the traced program's command-line metadata is inserted directly into the HTML without escaping (converting special characters so they display as text rather than being parsed as markup). An attacker who can control a traced program's script name or command-line arguments can inject JavaScript that executes when someone opens the generated report in a browser.

Fix: Upgrade to Memray 1.19.2, and avoid attaching Memray to untrusted processes until you have upgraded.

GitHub Advisory Database

CVE-2026-4270 - AWS API MCP File Access Restriction Bypass

high | vulnerability
security
Mar 16, 2026

A vulnerability (CVE-2026-4270) exists in AWS API MCP Server versions 0.2.14 through 1.3.8, software that lets AI assistants interact with AWS services. The bug allows attackers to bypass file access restrictions (the controls that limit which files the AI can read) and potentially read any file on the system, even when those restrictions are enabled.

AWS Security Bulletins

GHSA-hqmj-h5c6-369m: ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

high | vulnerability
security
Mar 16, 2026
CVE-2026-28500

ONNX's onnx.hub.load() function has a flaw where the silent=True parameter disables both the warnings and the user confirmation that are otherwise shown when loading a model from an untrusted repository (a source not officially verified). An attacker who can influence which repository an application loads from could therefore have it silently download and run a malicious model from the attacker's own GitHub repository without the user noticing, potentially allowing theft of sensitive files such as SSH keys or cloud credentials.

GitHub Advisory Database

Yahoo CEO Jim Lanzone on reviving the web’s homepage

info | news
industry
Mar 16, 2026

This is an interview with Yahoo CEO Jim Lanzone discussing Yahoo's business strategy, including its new AI-powered search tool Scout, its advertising platform decisions, and portfolio changes such as selling Engadget and TechCrunch. The article explains advertising technology concepts like SSPs (supply-side platforms, which let websites sell ad space) and DSPs (demand-side platforms, which let advertisers automatically buy ads across many sites), showing how Yahoo is shifting investment toward the more profitable DSP business.

The Verge (AI)

CVE-2026-26133: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

high | vulnerability
security
Mar 16, 2026
CVE-2026-26133

CVE-2026-26133 is a vulnerability in Microsoft 365 Copilot in which an attacker uses AI command injection (prompt injection: hidden instructions embedded in normal-looking input that the model then follows) to disclose information over a network without authorization. It has a CVSS score (a 0-10 rating of how severe a flaw is) of 4.0, which is medium severity.

NVD/CVE Database

CVE-2026-25083: GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logg…

high | vulnerability
security
Mar 16, 2026
CVE-2026-25083

CVE-2026-25083 is a missing-authorization vulnerability in GROWI (a collaboration platform) affecting version 7.4.5 and earlier. A logged-in user who knows the identifier of a shared AI assistant can view and modify other users' conversation threads and messages, because the API endpoints never check whether the caller should have access to them. It is rated HIGH severity, with a CVSS score (a 0-10 scale of vulnerability severity) of 8.7.

NVD/CVE Database

CVE-2025-69240: Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker…

info | vulnerability
security
Mar 16, 2026
CVE-2025-69240

Raytha CMS builds password-reset links from HTTP headers (X-Forwarded-Host or Host, which tell the server which domain name was used to reach it), so an attacker who spoofs those headers when requesting a reset for a victim's account can make the server send the victim a reset email whose link points at the attacker's domain. When the victim clicks the link, their password-reset token is delivered to the attacker, who can then reset the password and take over the account.

Fix: This issue was fixed in version 1.4.6.

NVD/CVE Database

CVE-2025-69239: Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker…

info | vulnerability
security
Mar 16, 2026
CVE-2025-69239

Raytha CMS has an SSRF vulnerability (server-side request forgery, where an attacker makes the server issue HTTP requests to destinations the attacker chooses) in its "Themes - Import from URL" feature, which lets a high-privileged attacker direct the server's own outbound HTTP requests. It has a CVSS score (a 0-10 rating of severity) of 5.1, medium severity.

Fix: This issue was fixed in version 1.4.6.

NVD/CVE Database

CVE-2025-15060: claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability. This vulnerability allows rem…

critical | vulnerability
security
Mar 16, 2026
CVE-2025-15060

CVE-2025-15060 is a remote code execution vulnerability in claude-hovercraft that allows unauthenticated attackers to run arbitrary code. The flaw is in the executeClaudeCode method, which does not validate user-supplied input before using it in a system call (a request to run operating system commands), so an attacker can append commands of their own.

NVD/CVE Database
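For the Memray advisory (GHSA-r5pr-887v-m2w9) listed above, the following is an added example written for this page, not Memray's own report code. It shows the vulnerable shape (traced-process metadata spliced straight into HTML) beside a hardened renderer, and makes the point practitioners most often miss: metadata that lands inside an inline `<script>` block needs script-safe JSON, not HTML escaping. The report template, the `SCRIPT_NAME`/`ARGV` sample and the function names are all constructed for the example.

```python
# Added example (not Memray's code): how untrusted command-line metadata ends
# up executing in an HTML report, and how to escape it per output context.
import html
import json

# Constructed sample input: the script name and argv of a traced process, set by
# whoever launched it. A tracer that records these into a report must treat
# them as attacker-controlled.
SCRIPT_NAME = "<img src=x onerror=alert(1)>.py"
ARGV = ["victim.py", "--name=</script><script>alert(document.cookie)</script>"]


def render_unsafe(script_name: str, argv: list) -> str:
    """Vulnerable pattern: metadata interpolated verbatim into HTML text and
    into an inline <script> block. In both contexts it becomes live markup."""
    cmd = " ".join(argv)
    return (
        "<html><body>\n"
        f"<h1>Report for {script_name}</h1>\n"
        f"<p>Command line: {cmd}</p>\n"
        "<script>\n"
        f'var meta = {{"script": "{script_name}", "cmd": "{cmd}"}};\n'
        "</script>\n"
        "</body></html>\n"
    )


def json_for_script_tag(obj) -> str:
    """JSON that is safe to embed inside <script>...</script>. json.dumps alone
    is not enough: the HTML parser closes the block at the first '</script>'
    regardless of JavaScript string quoting, so '<', '>' and '&' are emitted
    as \\uXXXX escapes, which both JSON and JavaScript accept."""
    text = json.dumps(obj)
    return text.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def render_safe(script_name: str, argv: list) -> str:
    """Hardened renderer: html.escape for HTML text/attribute context,
    script-safe JSON for the inline script context."""
    cmd = " ".join(argv)
    name_html = html.escape(script_name, quote=True)
    cmd_html = html.escape(cmd, quote=True)
    meta_js = json_for_script_tag({"script": script_name, "cmd": cmd})
    return (
        "<html><body>\n"
        f"<h1>Report for {name_html}</h1>\n"
        f"<p>Command line: {cmd_html}</p>\n"
        "<script>\n"
        f"var meta = {meta_js};\n"
        "</script>\n"
        "</body></html>\n"
    )


# The template above contributes exactly this many '<' characters; any extra
# ones in a rendered report came from unescaped metadata.
TEMPLATE_TAG_COUNT = 10


def raw_tag_count(report: str) -> int:
    """Number of raw '<' characters in a rendered report."""
    return report.count("<")


if __name__ == "__main__":
    print("unsafe report: %d raw '<'" % raw_tag_count(render_unsafe(SCRIPT_NAME, ARGV)))
    print("safe report:   %d raw '<'" % raw_tag_count(render_safe(SCRIPT_NAME, ARGV)))
```

Opening the unsafe report in a browser runs both payloads: the `<img onerror>` from the script name and the `</script><script>` break-out from the argument list. The safe report renders them as visible text, and `raw_tag_count` stays at the template's own ten tags however hostile the metadata is.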
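For the Raytha CMS host-header item (CVE-2025-69240) listed above, this added example (written for this page, not Raytha's code, which is .NET) shows why a reset link derived from `Host`/`X-Forwarded-Host` hands the token to the attacker, beside the two standard fixes: build absolute links from a configured base URL, or validate the request host against an explicit allowlist. The setting names, the allowlist and the request headers are constructed for the example.

```python
# Added example (not Raytha's code): password-reset links built from request
# headers vs. from server-side configuration.
from urllib.parse import urlencode, urlsplit

# Constructed site settings (assumed names, not Raytha configuration keys).
CANONICAL_BASE_URL = "https://cms.example.com"
ALLOWED_HOSTS = {"cms.example.com", "www.cms.example.com"}

# Constructed requests: an attacker submitting the "forgot password" form for
# the victim's address with a spoofed origin. A reverse proxy that forwards
# X-Forwarded-Host verbatim, or a server reachable directly by IP, sees these.
SPOOFED_HEADERS = {
    "Host": "cms.example.com",
    "X-Forwarded-Host": "cms.example.com.attacker.test",
}
DIRECT_HEADERS = {"Host": "attacker.test"}


def reset_link_unsafe(headers: dict, token: str) -> str:
    """Vulnerable: the link's origin is whatever the client claimed. The reset
    e-mail then carries the token to the attacker's server when clicked."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return f"https://{host}/reset-password?{urlencode({'token': token})}"


def reset_link_from_config(token: str) -> str:
    """Fix 1: absolute URLs placed in e-mail come from a configured base URL,
    never from the request."""
    return f"{CANONICAL_BASE_URL}/reset-password?{urlencode({'token': token})}"


def host_is_allowed(headers: dict) -> bool:
    """Request host check for Fix 2. X-Forwarded-Host is deliberately ignored;
    honour it only when a trusted proxy is known to overwrite it. The port is
    stripped before comparison (IPv6 literals are not handled here)."""
    hostname = headers.get("Host", "").split(":", 1)[0].lower()
    return hostname in ALLOWED_HOSTS


def reset_link_allowlisted(headers: dict, token: str) -> str:
    """Fix 2 (one deployment serving several hostnames): accept the Host header
    only if it is on an explicit allowlist."""
    if not host_is_allowed(headers):
        raise ValueError("untrusted Host header: %r" % headers.get("Host"))
    hostname = headers["Host"].split(":", 1)[0].lower()
    return f"https://{hostname}/reset-password?{urlencode({'token': token})}"


def link_host(link: str) -> str:
    """Hostname the token would be delivered to if the link were clicked."""
    return urlsplit(link).hostname or ""


if __name__ == "__main__":
    for name, headers in (("spoofed X-Forwarded-Host", SPOOFED_HEADERS),
                          ("spoofed Host", DIRECT_HEADERS)):
        print(name, "-> unsafe link goes to", link_host(reset_link_unsafe(headers, "t0k3n")))
    print("config-based link goes to", link_host(reset_link_from_config("t0k3n")))
```

The first fix is the one to prefer: a reset e-mail is not a response to the requesting client, so nothing about that client's request should shape it. The allowlist variant exists for multi-tenant installs; note that it still ignores `X-Forwarded-Host`, which is only as trustworthy as the proxy in front of the application.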
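For the claude-hovercraft item (CVE-2025-15060) listed above, this added example (written for this page; the project is not Python and this is not its code) shows the command-injection shape the advisory describes, user text spliced into a string that the shell parses, beside the argv-based fix. The advisory names the method, `executeClaudeCode`, but not the exact command line, so `printf` stands in for the real tool and a Python one-liner stands in for it on the safe path; both are assumptions that keep the demo runnable offline. The payload and prompt strings are constructed.

```python
# Added example (not claude-hovercraft's code): a prompt passed to an external
# CLI through a shell string vs. through an argument vector.
import shlex
import subprocess
import sys

# Stand-in for the real tool invocation (assumed; the advisory does not give the
# command line). The vulnerable shape is what matters: user text spliced into a
# string that /bin/sh parses.
TOOL_CMD = "printf '%s'"

# Constructed payload: closes the single-quoted argument, runs extra commands,
# then re-opens a quote so the shell sees balanced syntax.
INJECTED_PROMPT = "' ; echo INJECTED ; echo '"
BENIGN_PROMPT = "summarise this file"


def build_shell_command(prompt: str) -> str:
    """Vulnerable composition: string concatenation, later run with shell=True.
    Wrapping the value in quotes does not help; the payload supplies its own."""
    return f"{TOOL_CMD} '{prompt}'"


def count_shell_commands(cmd: str) -> int:
    """How many commands /bin/sh would run for this string. shlex with
    punctuation_chars turns ';', '|', '&&' and friends into separate tokens,
    which makes a pre-execution check possible (but see the fix below:
    validation of a shell string is never the right answer)."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    separators = {";", "|", "||", "&", "&&"}
    return 1 + sum(1 for tok in lex if tok in separators)


def run_unsafe(prompt: str) -> str:
    """Executes the concatenated string through the shell: injected commands run."""
    result = subprocess.run(build_shell_command(prompt), shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_safe(prompt: str) -> str:
    """Hardened: an argv list and no shell. The prompt is exactly one argument
    however many quotes or semicolons it contains. A Python one-liner stands in
    for the tool (assumption) and writes argv[1] back verbatim."""
    if prompt.startswith("-"):
        # Argument injection is a separate risk that argv lists do not remove:
        # a value starting with '-' is parsed as an option by most CLIs.
        raise ValueError("prompt must not start with '-'")
    argv = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", prompt]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    cmd = build_shell_command(INJECTED_PROMPT)
    print("shell string:", cmd)
    print("commands the shell would run:", count_shell_commands(cmd))
    print("unsafe stdout:", repr(run_unsafe(INJECTED_PROMPT)))
    print("safe stdout:  ", repr(run_safe(INJECTED_PROMPT)))
```

On the unsafe path the shell sees three commands and `INJECTED` appears in the output; on the safe path the whole payload, quotes and semicolons included, comes back as the single argument it was. The leading-dash check is the caveat worth remembering: removing the shell stops command injection, not argument injection into the tool's own option parser.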