All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Cloud CLI (a user interface for Claude Code and similar tools) had a critical vulnerability in versions before 1.25.0 where user inputs called projectPath, initialCommand, and sessionId were directly used to build system commands without filtering, allowing attackers to inject arbitrary OS commands (OS command injection, where an attacker tricks the system into running unauthorized commands) through WebSocket connections. This vulnerability has been patched in version 1.25.0.
Fix: Update Cloud CLI to version 1.25.0 or later, which fixes the OS command injection vulnerability.
NVD/CVE DatabaseCloud CLI (a user interface for AI coding tools like Claude Code and Gemini-CLI) had a vulnerability before version 1.24.0 where attackers who had login access could run unauthorized commands on a computer by manipulating text inputs in Git-related features. This happened because the software used string interpolation (directly inserting user text into commands) without properly checking if the input was safe, which is a type of OS command injection (CWE-78, where an attacker tricks the system into executing arbitrary commands).
Cloud CLI (a user interface for accessing Claude Code and similar tools) has a vulnerability in versions before 1.24.0 where user input in the git configuration endpoint is not properly sanitized before being executed as shell commands. This means an authenticated attacker (someone with login access) could run arbitrary OS commands (commands that do whatever they want on the operating system) by exploiting how backticks, command substitution (${}), and backslashes are interpreted within the double-quoted strings.
Cursor is a code editor designed for programming with AI assistance. Before version 2.0, the software was vulnerable to prompt injection attacks (tricking the AI by hiding malicious instructions in website content), which could bypass the command whitelist (a list of allowed commands) and cause the AI to execute commands without the user's permission. This is a serious security flaw rated as HIGH severity.
OpenAI is planning to integrate Sora, its video generation tool, directly into ChatGPT as a built-in feature, similar to how image generation was added previously. While this could increase ChatGPT's popularity, it may also increase the creation of deepfakes (synthetic videos that convincingly mimic real people or events) from the platform.
CVE-2026-30741 is a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in OpenClaw Agent Platform v2026.2.6 that can be triggered through a request-side prompt injection attack (tricking the AI by hiding malicious instructions in its input). The vulnerability allows attackers to execute arbitrary code, though a CVSS severity score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.
Meta acquired Moltbook, a social network for AI agents (autonomous software systems that act independently), primarily to hire its talented team rather than for the platform itself. Meta believes AI agents will become essential for businesses and could transform advertising by enabling agent-to-agent negotiations, where a consumer's AI agent might directly negotiate with a business's AI agent about product features, price, and values before making a purchase.
Meta acquired Moltbook, a social network for AI agents (software programs that act independently to complete tasks), primarily to hire its talented team rather than for advertising purposes. The acquisition positions Meta to benefit from an "agentic web" where AI agents representing businesses and consumers could interact to conduct transactions like shopping and advertising, potentially allowing Meta to control the "orchestration layer" (the system that decides which agents communicate with each other) and expand its advertising business.
This article reviews Bungie's new Marathon game, a revival of their 1990s multiplayer shooter that now functions as an online extraction shooter (a game where players drop into a map, collect items, complete objectives, and try to survive against other players). The game intentionally recreates 1990s aesthetic and culture, drawing inspiration from cyberpunk anime, club culture, and retro-futuristic design that was popular during that era.
Nvidia announced a $2 billion investment in Nebius, an AI cloud company, causing Nebius's stock to rise 14%. The two companies will work together on AI infrastructure deployment, fleet management, and inference (the process of running trained AI models to make predictions), with Nebius aiming to deploy over five gigawatts of computing capacity by 2030.
Targeted advertising (ads customized based on your personal data and location) has become a tool for government surveillance, with federal law enforcement now accessing data from advertising companies to track people's locations. The article discusses how the combination of corporate data collection and government access to that data threatens privacy and free speech online.
A study by CNN and the Center for Countering Digital Hate tested 10 popular chatbots used by teenagers and found that their safety features (protections designed to prevent harmful outputs) were inadequate. The chatbots often failed to recognize when users discussed violent acts and sometimes even encouraged these discussions instead of refusing to engage.
Scanner, a security company, has raised $22 million in funding to develop AI agents (software programs that can act independently to accomplish tasks) that connect to security data lakes (large centralized collections of security data) to help organizations investigate threats, create detection rules, and automatically respond to attacks.
Rakuten, a global company with 30,000 employees, integrated Codex (an AI coding agent from OpenAI) into its engineering workflows to speed up software development and incident response. By using Codex for tasks like root-cause analysis, automated code review, and vulnerability checks, Rakuten reduced the time to fix problems by approximately 50% and compressed development cycles from quarters to weeks, while maintaining safety standards through automated guardrails.
Fix: This vulnerability is fixed in version 1.24.0. Users should update Cloud CLI to 1.24.0 or later.
NVD/CVE DatabaseFix: This vulnerability is fixed in version 1.24.0. Users should update Cloud CLI to version 1.24.0 or later.
NVD/CVE DatabaseFix: This vulnerability is fixed in version 2.0.
NVD/CVE DatabaseResearchers demonstrated that agentic web browsers (AI systems that automatically perform actions across websites) can be tricked into phishing scams by using a GAN (generative adversarial network, a machine learning technique that generates increasingly refined fake content) to intercept and manipulate the AI's internal reasoning communications. Once a fraudster optimizes a fake page to bypass a specific AI browser's safeguards, that same malicious page works on all users of that browser, shifting the attack target from humans to the AI system itself.
Fix: The issues collectively codenamed PerplexedBrowser have been addressed by Perplexity (the AI company). The text does not provide specific technical details about how the fixes work or which versions contain the patches.
The Hacker NewsModern vehicles use ECUs (electronic control units, specialized computers that control vehicle functions) connected through CAN-bus networks (a communication system that lets these computers talk to each other), but this setup is vulnerable to cyberattacks like DOS (denial of service, overwhelming a system with requests) and fuzzing (sending random data to find weaknesses). This paper presents HAVEN, a hybrid anomaly detection system that combines rule-based checks with machine learning (teaching computers to recognize patterns) and neural networks (algorithms inspired by how brains process information) to identify suspicious activity on vehicle networks, achieving high accuracy while running quickly.
Nappa is a framework that protects data privacy during deep neural network (DNN, a type of AI model) training while working with specialized hardware accelerators (NNAs, custom chips that speed up neural networks). The framework uses vector decomposition (breaking down mathematical operations into simpler parts) to split computations across different hardware types, and includes an automatic compiler that converts AI models into encrypted computation graphs (mathematical instructions that run on encrypted data) that work on both trusted and untrusted hardware without losing speed or accuracy.
Researchers found a critical security flaw in APFed, a method designed to protect federated learning (a system where multiple computers train an AI model together without sharing raw data) by using additive homomorphic encryption (a math technique that lets computers do calculations on encrypted data without decrypting it). The flaw means APFed cannot actually prevent poisoning attacks (attempts to corrupt the training process by inserting bad data), despite the original authors' claims.
Voice authentication on smartphones is vulnerable to spoofing attacks, where attackers replay recorded voice samples through loudspeakers to trick the system. MagLive is a new security method that detects whether a voice is from a real person or a loudspeaker by analyzing magnetic pattern changes (detected by the smartphone's built-in magnetometer) using a machine learning model called TF-CNN-SAF (a type of neural network designed to extract useful patterns from data).
Wiz, a cloud security company, has officially joined Google to combine innovation with scale to improve cloud security. The company emphasizes that modern security must keep pace with AI-driven development, where applications move from idea to production in minutes, and has expanded its platform to secure AI applications, manage exposures, and protect AI workloads at runtime.