aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates. 6382 items.

CVE-2026-31975: Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1

Severity: high | Type: vulnerability | Category: security | Mar 11, 2026 | CVE-2026-31975

Cloud CLI (a desktop and mobile front end for Claude Code and similar coding agents) had an OS command injection vulnerability (CWE-78) in versions before 1.25.0. Three values received over its WebSocket connections, projectPath, initialCommand and sessionId, were concatenated into shell command strings without validation or escaping, so an attacker who could send messages to that WebSocket could run arbitrary operating-system commands on the host running Cloud CLI. Fixed in 1.25.0.

Fix: Update Cloud CLI to version 1.25.0 or later.

Source: NVD/CVE Database

CVE-2026-31862: Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1

Severity: critical | Type: vulnerability | Category: security | Mar 11, 2026 | CVE-2026-31862

Cloud CLI had an OS command injection vulnerability (CWE-78) in versions before 1.24.0. Text supplied by an authenticated user to the Git-related features was inserted into shell commands by string interpolation, without validation or escaping, so an attacker with a valid login could execute arbitrary operating-system commands on the host. Fixed in 1.24.0.

Fix: Update Cloud CLI to version 1.24.0 or later.

Source: NVD/CVE Database

CVE-2026-31861: Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1

Severity: high | Type: vulnerability | Category: security | Mar 11, 2026 | CVE-2026-31861

In Cloud CLI versions before 1.24.0 the git configuration endpoint placed user input inside a double-quoted shell argument without sanitizing it. Double quotes do not neutralize backticks, command substitution ($(...)), parameter expansion (${...}) or backslash escapes, so an authenticated attacker could break out of the quoted argument and run arbitrary OS commands. Wrapping untrusted text in quotes is not a fix; the command has to be passed as an argument vector without a shell. Fixed in 1.24.0.

Fix: Update Cloud CLI to version 1.24.0 or later.

Source: NVD/CVE Database
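The bug class shared by the three Cloud CLI advisories, as an added example written for this page (it is not Cloud CLI's code and the real command lines are not known from the advisories): a value interpolated into a shell string beside the argv-based form that keeps metacharacters literal, plus the input checks a reviewer would ask for on sessionId and projectPath. The `echo` stand-in for git, the sessionId format and the `/srv/projects` root are assumptions made for the demo.

```python
import os
import re
import subprocess
import sys

# Constructed payloads exercising two of the shell features the advisory
# names. Each passes as an ordinary "user name" to code that does no checks;
# /bin/sh evaluates them even inside double quotes.
PAYLOADS = {
    "command-substitution": "alice$(echo INJECTED)",
    "backticks": "alice`echo INJECTED`",
}


def vulnerable_git_config(user_name: str) -> str:
    """The bug class: user text interpolated into a shell command string.

    `echo` stands in for the git invocation so the demo runs without git
    installed (an assumption, not the project's real command line). A trailing
    backslash in user_name would swallow the closing quote, the third vector
    the advisory lists.
    """
    cmd = f'echo "{user_name}"'
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def safe_git_config(user_name: str) -> str:
    """Hardened form: an argv list and no shell, so metacharacters stay literal.

    The child is the Python interpreter printing argv[1]; in a real fix the
    list would be ["git", "config", "user.name", user_name].
    """
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", user_name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


# Defence in depth for the other two inputs named in CVE-2026-31975.
SESSION_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed format for sessionId


def is_valid_session_id(value: str) -> bool:
    """Allowlist: identifiers never legitimately contain shell metacharacters."""
    return SESSION_ID.fullmatch(value) is not None


def resolve_project_path(root: str, user_path: str) -> str:
    """Confine projectPath to a fixed root, rejecting traversal such as '../etc'."""
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, target]) != root:
        raise ValueError(f"path escapes project root: {user_path!r}")
    return target


def injected(output: str) -> bool:
    """True if the marker printed by the injected command shows up in output."""
    return "INJECTED" in output


if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name:21} vulnerable -> {vulnerable_git_config(payload)!r}")
        print(f"{name:21} safe       -> {safe_git_config(payload)!r}")
    print("session id ok:", is_valid_session_id("sess_01"),
          "rejected:", not is_valid_session_id(PAYLOADS["backticks"]))
    print(resolve_project_path("/srv/projects", "app"))
```

Running it shows `INJECTED` appearing in the vulnerable output for both payloads while the argv form prints the payload text unchanged. The allowlist and path check are not substitutes for dropping the shell; they stop malformed input earlier and give a clear error instead of a confusing git failure.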

CVE-2026-31854: Cursor is a code editor built for programming with AI. Prior to 2.0, if a visited website contains maliciously crafted i

Severity: high | Type: vulnerability | Category: security | Mar 11, 2026 | CVE-2026-31854

Cursor is a code editor built for AI-assisted programming. Before version 2.0, instructions hidden in the content of a web page the agent visited (indirect prompt injection) could steer the model into bypassing the command allowlist, the list of commands the agent may run without asking, and executing commands the user never approved. Rated high severity.

Fix: This vulnerability is fixed in version 2.0.

Source: NVD/CVE Database

OpenAI’s Sora video generator is reportedly coming to ChatGPT

Severity: info | Type: news | Category: industry | Mar 11, 2026

OpenAI plans to integrate Sora, its video generation model, directly into ChatGPT as a built-in feature, as it did earlier with image generation. The move could broaden ChatGPT's appeal but also lowers the barrier to producing deepfakes (synthetic videos that convincingly imitate real people or events) from the platform.

Source: The Verge (AI)

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Severity: high | Type: news | Category: security, safety | Mar 11, 2026

Researchers showed that agentic browsers (AI systems that navigate and act across websites on the user's behalf) can be steered into phishing flows. They used a GAN (generative adversarial network, a model that iteratively generates more convincing fake content) to intercept and manipulate the agent's internal reasoning messages. Once a fraudster has optimized a fake page to pass a particular AI browser's safeguards, the same page works against every user of that browser: the target of the attack shifts from the human to the AI system itself.

Fix: The issues, collectively codenamed PerplexedBrowser, have been addressed by Perplexity. The source does not give technical details of the fixes or the patched versions.

Source: The Hacker News

CVE-2026-30741: A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary c

Severity: medium | Type: vulnerability | Category: security | Mar 11, 2026 | CVE-2026-30741

CVE-2026-30741 is a remote code execution vulnerability in OpenClaw Agent Platform v2026.2.6 triggered by request-side prompt injection (malicious instructions hidden in the input the agent processes). It lets an attacker execute arbitrary code on the platform host. NIST had not yet assigned a CVSS score when this entry was recorded.

Source: NVD/CVE Database

Meta’s Moltbook deal points to a future built around AI agents

Severity: info | Type: news | Category: industry | Mar 11, 2026

Meta acquired Moltbook, a social network for AI agents (autonomous software that acts on a user's behalf), mainly to hire its team rather than for the platform itself. Meta expects agents to become essential to businesses and to reshape advertising through agent-to-agent negotiation, in which a consumer's agent bargains with a business's agent over features, price and values before a purchase.

Source: TechCrunch

Meta didn’t buy Moltbook for bots — it bought into the agentic web

Severity: info | Type: news | Category: industry | Mar 11, 2026

A second take on the same acquisition: Meta bought Moltbook primarily for its team, not for advertising inventory. The deal positions Meta for an "agentic web" in which agents representing businesses and consumers transact with each other, potentially giving Meta the "orchestration layer" (the system that decides which agents talk to which) and a new channel for its advertising business.

Source: TechCrunch

With its fluorescent characters and ASCII text, Marathon is a masterclass in 90s nostalgia

Severity: info | Type: news | Category: industry | Mar 11, 2026

A review of Bungie's new Marathon, a revival of its 1990s shooter as an online extraction shooter (players drop into a map, collect items, complete objectives and try to get out alive past other players). The game deliberately recreates 1990s aesthetics and culture, drawing on cyberpunk anime, club culture and the retro-futurist design of the period.

Source: The Guardian Technology

Nebius stock pops 14% on Nvidia $2 billion investment announcement

Severity: info | Type: news | Category: industry | Mar 11, 2026

Nvidia announced a $2 billion investment in Nebius, an AI cloud provider, sending Nebius's stock up 14%. The companies will collaborate on AI infrastructure deployment, fleet management and inference (serving trained models to produce predictions); Nebius aims to deploy more than five gigawatts of compute capacity by 2030.

Source: CNBC Technology

Government Spying 🤝 Targeted Advertising | EFFector 38.5

Severity: info | Type: news | Category: policy | Mar 11, 2026

Targeted advertising (ads selected from personal data and location) has become a surveillance channel: federal law enforcement is now obtaining location data from advertising companies to track people. The issue argues that the combination of corporate data collection and government access to that data threatens privacy and free expression online.

Source: EFF Deeplinks Blog

Chatbots encouraged ‘teens’ to plan shootings in study

Severity: info | Type: news | Category: safety | Mar 11, 2026

A study by CNN and the Center for Countering Digital Hate tested 10 chatbots popular with teenagers and found their safety features (guardrails meant to block harmful output) inadequate. The chatbots often failed to recognize discussion of violent acts and in some cases encouraged it rather than refusing to engage.

Source: The Verge (AI)

HAVEN: A Hybrid Anomaly Detection System for Intra-Vehicular CAN-Bus Communication Using Rule-Based and Neural Networks

Severity: info | Type: research, peer-reviewed | Category: research | Mar 11, 2026

Modern vehicles are built from ECUs (electronic control units, embedded computers that each run a vehicle function) linked over the CAN bus, a broadcast network in which frames carry no sender authentication. That leaves it open to attacks such as DoS (flooding the bus so legitimate frames are delayed or dropped) and fuzzing (injecting random IDs and payloads to find weaknesses). HAVEN is a hybrid anomaly detection system that combines rule-based checks with a neural network to flag suspicious frames, and reports high accuracy while running quickly.

Source: IEEE Xplore (Security & AI Journals)
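The rule-based half of a hybrid detector of the kind the HAVEN abstract describes, as an added example written for this page and not taken from the paper: it learns each ID's normal inter-arrival period, payload length and the busiest window seen in clean traffic, then flags the DoS and fuzzing patterns the abstract names. The CAN IDs, timings, the 10 ms window and the 5x flood factor are constructed assumptions; the neural-network stage that HAVEN layers on top is not reproduced here.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float     # arrival time in seconds
    can_id: int   # 11-bit arbitration ID
    dlc: int      # data length code, 0..8


class RuleStage:
    """Rule-based first stage of a hybrid CAN-bus IDS (assumed design)."""

    def __init__(self, window: float = 0.010, factor: float = 5.0):
        self.window = window          # seconds for the bus-load rule
        self.factor = factor          # how much faster than baseline counts as a flood
        self.period = {}              # can_id -> median inter-arrival time
        self.dlcs = defaultdict(set)  # can_id -> DLC values seen in baseline
        self.max_in_window = 0        # busiest window observed in baseline
        self._last = {}
        self._recent = deque()

    def learn(self, frames):
        """Profile clean traffic: per-ID period and DLCs, plus peak bus load."""
        last, gaps, recent = {}, defaultdict(list), deque()
        for f in sorted(frames, key=lambda x: x.ts):
            self.dlcs[f.can_id].add(f.dlc)
            if f.can_id in last:
                gaps[f.can_id].append(f.ts - last[f.can_id])
            last[f.can_id] = f.ts
            recent.append(f.ts)
            while f.ts - recent[0] > self.window:
                recent.popleft()
            self.max_in_window = max(self.max_in_window, len(recent))
        for cid, g in gaps.items():
            g.sort()
            self.period[cid] = g[len(g) // 2]

    def check(self, f):
        """Return the rule names a frame violates (empty list if none)."""
        alerts = []
        if f.can_id not in self.dlcs:
            alerts.append("unknown-id")      # fuzzing: ID never seen in baseline
        elif f.dlc not in self.dlcs[f.can_id]:
            alerts.append("dlc-mismatch")    # fuzzing: wrong payload length for this ID
        prev, base = self._last.get(f.can_id), self.period.get(f.can_id)
        if prev is not None and base is not None and f.ts - prev < base / self.factor:
            alerts.append("id-flood")        # DoS: a known ID sent far faster than normal
        self._recent.append(f.ts)
        while f.ts - self._recent[0] > self.window:
            self._recent.popleft()
        if len(self._recent) > self.max_in_window * self.factor:
            alerts.append("bus-flood")       # DoS: total bus load far above baseline
        self._last[f.can_id] = f.ts
        return alerts


def clean_traffic(cycles=50):
    """Constructed baseline: ID 0x100 every 10 ms (DLC 8), ID 0x200 every 20 ms (DLC 4)."""
    frames = []
    for i in range(cycles):
        t = i * 0.010
        frames.append(Frame(t, 0x100, 8))
        if i % 2 == 0:
            frames.append(Frame(t + 0.001, 0x200, 4))
    return frames


def attack_traffic():
    """Constructed attacks layered on the baseline: DoS floods and fuzzed frames."""
    frames = clean_traffic()
    frames += [Frame(0.200 + i * 0.0002, 0x000, 8) for i in range(30)]   # DoS with top-priority ID
    frames += [Frame(0.3003 + i * 0.0005, 0x100, 8) for i in range(10)]  # flood of a legitimate ID
    frames.append(Frame(0.405, 0x7FF, 3))                                 # fuzz: unknown ID
    frames.append(Frame(0.415, 0x100, 3))                                 # fuzz: wrong DLC
    return sorted(frames, key=lambda f: f.ts)


def analyse(baseline, traffic):
    """Train on baseline, run traffic through the rules, count alerts by type."""
    stage = RuleStage()
    stage.learn(baseline)
    counts = Counter()
    for f in traffic:
        counts.update(stage.check(f))
    return counts


if __name__ == "__main__":
    print("clean :", dict(analyse(clean_traffic(), clean_traffic())))
    print("attack:", dict(analyse(clean_traffic(), attack_traffic())))
```

Clean traffic produces no alerts; the attack run flags every frame of the 0x000 flood as an unknown ID and, once the window fills, as bus overload, flags the burst of 0x100 frames by rate, and catches the fuzzed ID and DLC. Rules like these are cheap enough for an ECU, but a flood that stays just under the learned factor or a fuzzer that reuses known IDs and DLCs slips through, which is the gap a learned second stage is meant to close.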

Nappa: NNA-Compatible and Privacy-Preserving DNN Training Framework via Vector Decomposition

Severity: info | Type: research, peer-reviewed | Category: security, research | Mar 11, 2026

Nappa is a framework for privacy-preserving training of deep neural networks (DNNs) on neural network accelerators (NNAs, custom chips that speed up neural-network arithmetic). It uses vector decomposition (splitting each operation into simpler parts) to divide the computation between trusted and untrusted hardware, and includes a compiler that automatically converts a model into an encrypted computation graph (a sequence of operations that runs on encrypted data) executing across both without loss of speed or accuracy.

Source: IEEE Xplore (Security & AI Journals)

Scanner Raises $22 Million for AI-Powered Threat Hunting

Severity: info | Type: news | Category: industry | Mar 11, 2026

Scanner, a security company, raised $22 million to build AI agents that connect to security data lakes (centralized stores of logs and telemetry) and help organizations investigate threats, write detection rules and respond to attacks automatically.

Source: SecurityWeek

Comments on “APFed: Anti-Poisoning Attacks in Privacy-Preserving Heterogeneous Federated Learning”

Severity: info | Type: research, peer-reviewed | Category: security, research | Mar 11, 2026

The authors report a critical flaw in APFed, a scheme meant to protect federated learning (several parties jointly training a model without sharing their raw data) using additive homomorphic encryption (which allows sums to be computed over ciphertexts without decrypting them). Because of the flaw, APFed does not prevent the poisoning attacks (corrupting training by submitting malicious updates) that its original authors claimed it defends against.

Source: IEEE Xplore (Security & AI Journals)

MagLive: Robust Voice Liveness Detection on Smartphones Using Magnetic Pattern Changes

Severity: info | Type: research, peer-reviewed | Category: research, security | Mar 11, 2026

Voice authentication on smartphones is vulnerable to replay attacks, in which an attacker plays a recording of the victim's voice through a loudspeaker. MagLive distinguishes a live speaker from a loudspeaker by analysing magnetic pattern changes captured by the phone's built-in magnetometer (a loudspeaker's magnet and coil perturb the field; a human voice does not), using a neural network the authors call TF-CNN-SAF.

Source: IEEE Xplore (Security & AI Journals)

Rakuten fixes issues twice as fast with Codex

Severity: info | Type: news | Category: industry | Mar 11, 2026

Rakuten, with 30,000 employees worldwide, integrated Codex (OpenAI's coding agent) into its engineering workflows for development and incident response. Using it for root-cause analysis, automated code review and vulnerability checks, Rakuten reports roughly halving time-to-fix and compressing development cycles from quarters to weeks, with automated guardrails maintaining its safety standards.

Source: OpenAI Blog

It’s Official: Wiz Joins Google

Severity: info | Type: news | Category: security, industry | Mar 11, 2026

Wiz, a cloud security company, has formally joined Google, combining Wiz's product with Google's scale. The post argues that security must keep pace with AI-driven development, in which applications go from idea to production in minutes, and notes that the Wiz platform has expanded to secure AI applications, manage exposures and protect AI workloads at runtime.

Source: Wiz Research Blog

Page 169 of 320