All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
MLflow versions before v3.7.0 contain a command injection vulnerability (a flaw where attackers insert malicious commands into input that gets executed) in the sagemaker module. An attacker can exploit this by passing a malicious container image name through the `--container` parameter, which the software unsafely inserts into shell commands and runs, allowing arbitrary command execution on affected systems.
Fix: Update MLflow to version v3.7.0 or later.
NVD/CVE Database
This week's security news includes Google patching two actively exploited Chrome vulnerabilities in the graphics and JavaScript engines that could allow code execution, Meta discontinuing encrypted messaging on Instagram, and law enforcement disrupting botnets (malware networks that hijack routers) like SocksEscort and KadNap that were being used for fraud and illegal proxy services. A threat actor also exploited a compromised npm package (a JavaScript code library) to breach an AWS cloud environment and steal data.
Threat actors are spreading GlassWorm malware through Open VSX extensions (add-ons for the VS Code editor) by abusing dependency relationships, a feature that automatically installs other extensions when one is installed. Instead of hiding malware in every extension, attackers create legitimate-looking extensions that gain user trust, then update them to depend on separate extensions containing the malware loader, making the attack harder to detect.
OpenAI is developing an "adult mode" for ChatGPT that will allow users to generate text conversations with adult themes, described as "smut" rather than pornography. The feature will initially support only text and will not generate images, voice, or video content. OpenAI claims to have reduced "serious mental health issues" in its AI model enough to safely relax safety restrictions (the guardrails that prevent the AI from producing certain types of content) for this feature.
This article discusses how the Chief Security Officer (CSO) and Chief Information Security Officer (CISO) roles have evolved from technical positions focused on perimeter defense (protecting network boundaries) into strategic leadership roles reporting to CEOs. These leaders must now govern emerging risks like shadow AI (unauthorized AI tools used without approval) and generative AI while also acting as business enablers rather than blockers. Modern CSOs are expected to balance security with business continuity, address regulatory compliance strategically, and help organizations achieve their goals rather than simply prevent risks.
Wing FTP Server has a vulnerability where error messages reveal sensitive information when users send an overly long value in the UID cookie (a small file that stores user identity data). This flaw is currently being actively exploited by attackers in real-world attacks.
OpenAI confirmed that ChatGPT ads are currently only available in the United States, despite privacy policy updates that mentioned ads leading some users to speculate about a global rollout. The company is taking a deliberate, phased approach to expand ads gradually and learn from real-world use before rolling out more widely. ChatGPT ads are personalized based on user queries, appear only to logged-in Free and Go plan users in the US, and are not shown to users under 18 or those who request to opt out.
Agentic engineering is the practice of developing software with the help of coding agents, which are AI tools that can write and execute code in a loop to achieve a goal. Rather than replacing human engineers, these agents handle code generation while humans focus on the higher-level work: defining problems clearly, choosing among different solutions, and verifying that the results are correct and robust. To get good results from coding agents, engineers need to provide them with proper tools, specify problems in sufficient detail, and deliberately update instructions based on what they learn from each iteration.
This talk covers how software developers are adopting AI coding agents, from simple question-asking with ChatGPT to agents writing entire programs. The speaker emphasizes that trusting output from models like Claude Opus requires pairing it with test-driven development (TDD, a practice where you write tests before the actual code) and manual testing, since automated tests alone don't guarantee the software will actually run correctly.
Fix: Google addressed the Chrome vulnerabilities in versions 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux.
The Hacker News
Shadow AI refers to AI tools used throughout an organization without IT oversight or approval, creating security and governance challenges. The source describes Nudge Security as a platform that addresses this by providing continuous discovery of AI apps and user accounts, monitoring for sensitive data sharing in AI conversations, and tracking which AI tools have access to company data through integrations.
Fix: According to the source, Nudge Security delivers mitigation through: (1) a lightweight IdP (identity provider, the system that manages user identities) integration with Microsoft 365 or Google Workspace that takes less than 5 minutes to enable, which analyzes machine-generated emails to detect new AI accounts and tool adoption; (2) a browser extension for real-time monitoring of risky behaviors and alerts when sensitive data (PII, secrets, financial info) is shared with AI tools; (3) tracking of SaaS-to-AI integrations and their access scopes; and (4) configurable alerts for new AI tools or policy violations.
BleepingComputer
Deepfakes (fake videos created with AI that look and sound realistic) are becoming harder to detect, especially when they manipulate both audio and visual elements together. Researchers created FauForensics, a new detection system that uses facial action units (FAUs, quantitative measurements of facial muscle movements linked to emotions) to identify these manipulated videos more reliably across different datasets.
This article examines how large language models (AI systems trained on huge amounts of text data) can be used in cybersecurity red teaming (simulated attacks to test defenses) and blue teaming (defensive security work), mapping their abilities to established security frameworks. However, LLMs struggle in difficult, real-world situations because they have limitations like hallucinations (generating false information confidently), poor memory of long conversations, and gaps in logical reasoning.
This research addresses a challenge in few-shot action recognition (identifying actions in videos when only a few training examples exist) by proposing a framework called VIM that better uses two types of information: intra-video information (details within individual videos) and inter-video information (similarities between different videos). VIM uses an adaptive sampler to select important frames and regions in videos, plus an alignment model to match actions across videos more accurately, allowing the system to learn from limited video data more effectively.
This research analyzes how differences in data across demographic groups affect fairness in deep learning models, showing that when training data differs between groups, it becomes harder to create AI systems that perform equally well for everyone. The researchers propose Fairness-Aware Regularization (FAR), a training method that adjusts how models learn by directly reducing differences in feature patterns (the characteristics the model uses to make decisions) between demographic groups, and demonstrate it improves performance across multiple datasets including medical imaging, income prediction, and toxic comment detection.
Fix: The source proposes Fairness-Aware Regularization (FAR), described as a practical training objective that directly minimizes inter-group discrepancies in feature centroids and covariances to improve equitable performance. The authors validate FAR across all datasets in their study, consistently observing improvements in overall AUC (area under the curve, a performance metric), ES-AUC, and subgroup performance.
IEEE Xplore (Security & AI Journals)
Autonomous AI agents (AI systems that operate independently to complete complex tasks with minimal human oversight) have advanced rapidly, creating new governance challenges because they can operate at machine speed without humans in the loop to approve each decision. Unlike traditional chatbots where humans reviewed outputs before consequential actions, agents now directly modify enterprise systems and data, making organizations legally liable for any harm caused (similar to how parents are responsible for their children's actions). Without building governance rules directly into the code that controls these agents' permissions and actions, organizations face significant risks from drift (where agents behave differently than intended) and unauthorized access to critical systems.
Organizations typically use separate security tools (BAS tools, pentesting products, vulnerability scanners) that don't communicate with each other, creating blind spots because attackers chain multiple vulnerabilities together in coordinated operations. The article proposes that agentic AI (autonomous AI agents that can plan, execute, and reason through complex tasks without human direction at each step) should be applied to security validation to create a unified, continuous system that combines adversarial perspective (how attackers get in), defensive perspective (whether defenses stop them), and risk perspective (which exposures actually matter).
Fix: As of March 13, Open VSX has removed the majority of the transitively malicious extensions. Socket researchers recommend treating extension dependencies with the same scrutiny typically applied to software packages, monitoring extension updates, auditing dependency relationships, and restricting installation to trusted publishers where possible.
CSO Online
OWASP, a nonprofit cybersecurity organization, has published a checklist to help companies secure their use of generative AI and LLMs (large language models, which are AI systems trained on massive amounts of text to understand and generate human language). The checklist covers six key areas, including understanding competitive and adversarial risks, threat modeling (identifying how attackers might exploit AI systems), maintaining an inventory of AI tools and assets, and ensuring proper governance and security controls are in place.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
AI companies are hiring improv actors through data-labeling companies like Handshake to create training data that teaches AI models to recognize and generate human emotions and character voices. This represents a strategy by major AI labs to gather specialized training data (the information used to teach AI systems) from skilled performers rather than relying solely on existing text or video sources.
This study examines what factors influence whether people and organizations in Taiwan adopt open banking (a system where banks share customer data with third-party apps through secure connections). Using expert interviews and surveys of potential users, researchers found that security concerns are the biggest worry, while government support and leadership backing are essential for getting started, and social influence also affects people's willingness to try open banking.
OpenClaw, an open-source AI agent, has critical security flaws that could let attackers trick it into leaking sensitive data through prompt injection (embedding malicious instructions in web content to manipulate the AI). The platform's weak default security settings and high system privileges create additional risks, including accidental data deletion, malicious code installation through skill repositories, and exploitation of known vulnerabilities that could compromise entire business systems.
Fix: To counter these risks, users and organizations are advised to: strengthen network controls, prevent exposure of OpenClaw's default management port to the internet, isolate the service in a container, avoid storing credentials in plaintext, download skills only from trusted channels, disable automatic updates for skills, and keep the agent up-to-date.
The Hacker News