All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Researchers at the University of Toronto created a proof-of-concept AI worm that uses a locally hosted open-weight LLM (large language model, an AI trained on broad text data whose weights are published for anyone to download and run) to autonomously explore networks, generate a custom attack for each target, and replicate itself without human direction and without relying on any commercial AI service. Unlike a traditional worm, which carries fixed exploits and stops spreading once those bugs are patched, this worm generates new attack strategies at runtime by reasoning about what it finds on each host; in the researchers' experiment it compromised about 62% of a test network in seven days. Because the worm can read newly published vulnerability advisories, patching known bugs alone does not stop it: it can find and exploit attack paths that were not in its training data.
Perplexity AI's CEO announced the company plans to hold an initial public offering (IPO, where a private company sells shares to become publicly traded) in 2028 regardless of whether competitors Anthropic and OpenAI succeed with their own IPOs. The CEO acknowledged that major IPOs from SpaceX, Anthropic, and OpenAI will test investor demand for expensive tech company offerings, but expressed confidence these companies deserve high valuations because they lead in AI model capabilities.
The Hades Campaign is malware that targets Python developer environments and combines several techniques: it harvests credentials, replicates itself across systems, extracts sensitive data from process memory, and uses adversarial prompt injection (plain-text instructions embedded in the code that steer AI-powered security scanners away from flagging it) to evade AI-based detection. It enters through compromised Python packages and uses the Bun JavaScript runtime to execute its payloads while bypassing traditional security controls.
OpenAI has filed confidential paperwork with the US Securities and Exchange Commission to pursue an initial public offering (IPO, a process where a private company sells shares to the public on the stock market) at some point in the future, though the company has not decided on timing yet. This move intensifies competition with rival AI company Anthropic, which announced similar IPO plans one week earlier, as both companies compete for users, customers, and investors with valuations approaching $1 trillion. Going public would provide these AI companies with billions of dollars in capital, which they need because running AI systems requires enormous compute costs (the infrastructure and processing power needed to build, train, and operate AI models).
OpenAI has filed confidentially to go public on the US stock market, with an expected valuation exceeding $850 billion, making it one of the largest IPO (initial public offering, when a private company first sells shares to the public) listings in history. The company announced the filing preemptively because it expected the confidential submission to become public anyway, and stated it has not yet decided on a timeline for going public.
OpenAI has confidentially filed for an IPO (initial public offering, where a private company sells shares to the public for the first time) with the Securities and Exchange Commission, joining competitors Anthropic and SpaceX in preparing to go public. The company, valued at over $850 billion, has not decided on a timeline for the IPO but says it could happen as soon as late 2025, though leadership notes some goals may be easier to achieve while remaining private. OpenAI is also planning a tender offer to let employees sell shares at the current valuation to ease pressure for immediate liquidity.
OpenAI has filed a confidential Form S-1 with the SEC (Securities and Exchange Commission, the US agency that oversees financial markets and public companies), which is a preliminary step toward becoming a publicly traded company. This move follows Anthropic's similar filing in June, as both AI companies compete to go public. The confidential filing keeps sensitive details like executive pay and financial information private for now, rather than making them immediately public.
Apple announced new AI features at its developer conference, including an improved Siri that can have back-and-forth conversations with users. Unlike some competitors, Apple is partnering with Google and Nvidia to build its most advanced AI model (Apple Foundation Model Cloud Pro) while emphasizing privacy by keeping user data local and using a system orchestrator (a routing component that directs queries to either on-device or cloud processing) to minimize data collection compared to AI services like ChatGPT.
Apple announced a major upgrade to Siri at its developer conference, integrating it with Apple Intelligence (Apple's AI tool) and rebranding it as 'Siri AI'. The new voice assistant will function more like AI chatbots (such as ChatGPT or Google Gemini) rather than a traditional web-search question-and-answer tool, with a wide release planned for fall.
Cybercriminals are increasingly using AI-themed social engineering (manipulating people into revealing sensitive information or taking harmful actions) to distribute malware, steal credentials, and commit fraud by impersonating popular AI platforms like ChatGPT and Claude. Both Microsoft and Google have documented how attackers are adapting traditional phishing (deceptive emails/messages designed to steal information) and impersonation tactics to exploit employees' growing use of AI tools and cloud services, rather than developing entirely new attack techniques. Security researchers warn that the threat has shifted from technical vulnerabilities to the human layer, where employees' trust and behavior become the target.
The Bank of England warned the public about AI-generated scams after deepfake videos (fake videos created using AI to show people doing things they never did) of its governor fighting a politician spread on social media. These scams use AI to impersonate banks and public figures to trick people, especially vulnerable ones, into giving up money or personal information. Bank officials urged people to report these scams so authorities can remove them and catch the criminals behind them.
Fix: Andrew Bailey urged the public to report the videos so they could be taken down. The Bank of England raised concerns about the posts with Reform UK and with social media platforms. The UK's Online Safety Act contains provisions requiring tech platforms to tackle fraudulent advertising, though those duties do not come into force until next year. (Source: The Guardian Technology)
AI systems like Claude are becoming very good at finding bugs automatically, which is changing the bug bounty industry (where companies pay people to discover security flaws). While this sounds helpful, it is creating problems: AI tools generate many duplicate and low-quality reports, flooding triage queues and making it harder for human bounty hunters to get paid fairly.
As AI agents (autonomous software that can independently handle complex tasks across organizational systems) are expected to grow significantly in adoption, companies are redesigning how work is distributed between humans and AI to shift employees toward higher-value tasks. Leadership teams recognize that this shift will transform workplace roles and responsibilities, with estimates suggesting three-quarters of current roles will need redesign or reskilling by 2030, but experts emphasize that humans must remain involved in oversight, particularly when AI agents access sensitive organizational data.
Fix: According to the source, governance should include robust data privacy rules and the establishment of governance layers such as an AI council. The source also emphasizes that "when you expose an AI agent to organizational data, when you integrate it into multiple enterprise systems, then pathways around the AI agent become extremely important," indicating that leadership needs to establish "stringent guardrails and constraints" for AI agents working with sensitive and personal data in enterprise settings. (Source: MIT Technology Review)
Researchers at the University of Toronto built an AI-powered computer worm prototype using only free, small language models (LLMs, AI systems trained on large amounts of text) that self-replicated across a simulated network by finding and exploiting vulnerabilities (security weaknesses) and misconfigurations. The result shows that attackers do not need cutting-edge models to mount widespread network attacks, and that paid commercial models would actually be a liability for them: every API call is a detection point where the provider's safety filters could block the malicious prompts.
OpenAI introduced Lockdown Mode, a security setting that disables external capabilities such as live web browsing and file downloads in order to reduce data exfiltration (unauthorized theft of data). Security experts note that it only narrows the avenues for data theft rather than closing them: a prompt injection (instructions hidden in content the model reads) can still direct the model to leak data through whatever channels remain enabled.
Fix: Lockdown Mode can be activated within OpenAI products' settings and limits web browsing to cached content, limits image support, disables Deep Research and Agent Mode, denies users the ability to approve Canvas-generated code to access the network, and prevents ChatGPT from downloading files for data analysis, though it can still operate on manually uploaded files. Alternatively, security professionals can implement isolation through their own enterprise controls such as network segmentation, least privilege access, Zero Trust concepts, application controls, and air-gapping (physically isolating networks). (Source: CSO Online)
Arista Extensible Operating System (EOS, the switching software that runs on Arista devices) has a vulnerability in which a switch incorrectly decapsulates and forwards tunneled packets (packets wrapped inside another IP packet for transit) whose outer destination matches its decapsulation IP address, allowing unexpected traffic to pass through the device. CISA reports that the flaw is being exploited in the wild.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See Arista's security advisory at https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137 (Source: CISA Known Exploited Vulnerabilities)
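The fix for the Arista flaw is the vendor patch, but while rolling it out a practitioner usually wants a quick way to see whether tunneled traffic is already arriving at a decapsulation address from hosts that are not known tunnel peers. The helper below is an added example, not code from Arista or from the KEV entry: it parses raw IPv4 packets, recognises IP-in-IP (protocol 4) and GRE (protocol 47) encapsulation, and flags any tunneled packet addressed to the decapsulation IP whose outer source is not on an allowlist. The decapsulation address, the trusted peers, and the sample packets are constructed assumptions; the advisory itself does not say which encapsulations are affected, so the two handled here are only the common ones.

```python
"""Triage helper (added example): flag tunneled packets sent to a decap IP from untrusted sources."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

IPPROTO_IPIP = 4   # IP-in-IP (RFC 2003)
IPPROTO_GRE = 47   # GRE (RFC 2784 / RFC 2890)
ETHERTYPE_IPV4 = 0x0800

# Constructed assumptions: the switch's decapsulation address and its legitimate tunnel peers.
DECAP_IP = "203.0.113.1"
TRUSTED_PEERS = {"192.0.2.10", "192.0.2.11"}


@dataclass
class Verdict:
    outer_src: str
    outer_dst: str
    encap: str                # "ipip", "gre", or "none"
    inner_src: Optional[str]
    inner_dst: Optional[str]
    suspicious: bool
    reason: str


def _parse_ipv4(buf: bytes) -> Optional[Tuple[str, str, int, int]]:
    """Return (src, dst, protocol, header_len) for a minimal IPv4 header, or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return src, dst, buf[9], ihl


def _gre_header_len(buf: bytes) -> Optional[int]:
    """Length of a GRE header carrying IPv4: 4-byte base plus optional checksum, key and sequence fields."""
    if len(buf) < 4:
        return None
    flags = buf[0]
    length = 4 + (4 if flags & 0x80 else 0) + (4 if flags & 0x20 else 0) + (4 if flags & 0x10 else 0)
    if struct.unpack("!H", buf[2:4])[0] != ETHERTYPE_IPV4 or len(buf) < length:
        return None
    return length


def classify(packet: bytes, decap_ip: str = DECAP_IP, trusted_peers=TRUSTED_PEERS) -> Verdict:
    """Decide whether one raw IPv4 packet is a tunneled packet aimed at the decap IP from an untrusted host."""
    outer = _parse_ipv4(packet)
    if outer is None:
        return Verdict("?", "?", "none", None, None, False, "not IPv4")
    src, dst, proto, ihl = outer
    payload = packet[ihl:]
    if proto == IPPROTO_IPIP:
        encap, inner_buf = "ipip", payload
    elif proto == IPPROTO_GRE:
        glen = _gre_header_len(payload)
        if glen is None:
            return Verdict(src, dst, "gre", None, None, False, "GRE without IPv4 payload")
        encap, inner_buf = "gre", payload[glen:]
    else:
        return Verdict(src, dst, "none", None, None, False, "not tunneled")
    inner = _parse_ipv4(inner_buf)
    inner_src, inner_dst = (inner[0], inner[1]) if inner else (None, None)
    if dst != decap_ip:
        return Verdict(src, dst, encap, inner_src, inner_dst, False, "not addressed to decap IP")
    if src in trusted_peers:
        return Verdict(src, dst, encap, inner_src, inner_dst, False, "from expected tunnel peer")
    return Verdict(src, dst, encap, inner_src, inner_dst, True,
                   "tunneled packet to decap IP from untrusted source; inner packet would be forwarded")


def _ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the constructed samples (checksum left at zero; the parser ignores it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


# Constructed samples: an outside host injecting IP-in-IP, a trusted peer using GRE with a key, and plain TCP.
SAMPLE_ATTACK = _ipv4("198.51.100.7", DECAP_IP, IPPROTO_IPIP, _ipv4("10.0.0.5", "10.0.0.9", 6, b"\x00" * 20))
SAMPLE_TRUSTED_GRE = _ipv4("192.0.2.10", DECAP_IP, IPPROTO_GRE,
                           struct.pack("!BBHI", 0x20, 0, ETHERTYPE_IPV4, 0x1234)
                           + _ipv4("172.16.0.1", "172.16.5.5", 17, b"\x00" * 8))
SAMPLE_PLAIN = _ipv4("198.51.100.7", DECAP_IP, 6, b"\x00" * 20)


def triage(packets):
    """Return only the suspicious verdicts for a batch of raw packets."""
    return [v for v in (classify(p) for p in packets) if v.suspicious]


if __name__ == "__main__":
    for v in triage([SAMPLE_ATTACK, SAMPLE_TRUSTED_GRE, SAMPLE_PLAIN]):
        print(f"{v.encap} {v.outer_src} -> {v.outer_dst} carrying {v.inner_src} -> {v.inner_dst}: {v.reason}")
```

Feed it packets read from a pcap of the decap interface (the bytes after the Ethernet header) and anything it flags is a candidate for the exploitation pattern the advisory describes; an empty result is not proof of absence, since the check only covers the two encapsulations it knows about.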
Google Chromium V8 contains an out-of-bounds read and write vulnerability (the engine reads from and writes to memory outside an object's bounds, which an attacker can turn into memory corruption) that a specially crafted HTML page could use to run attacker-controlled code inside the renderer sandbox. It affects every Chromium-based browser, including Chrome, Edge, and Opera, and is being exploited in the wild.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-06-23. See vendor updates at https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html (Source: CISA Known Exploited Vulnerabilities)
Cisco Catalyst SD-WAN Manager has an improper output encoding or escaping vulnerability (special characters are not neutralized before output is generated) that lets an authenticated, local attacker execute arbitrary commands as root by uploading a crafted file. The vulnerability is being exploited in the wild.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. (Source: CISA Known Exploited Vulnerabilities)
Crown courts in England and Wales will trial AI legal assistants to reduce case backlogs, but lawyers warn the technology must not be treated as a substitute for funding and staff. Concerns have been raised about AI hallucinations (false information presented as fact), including cases where AI invented legal citations that then appeared in court decisions, a direct risk to the integrity of the justice system.
This AWS security digest from May 2026 covers updates across AI security, infrastructure protection, identity management, and compliance. Key topics include securing agentic AI workflows (AI systems that take actions autonomously) using frameworks like Cedar for authorization, protecting AWS networks with filtering tools like AWS Network Firewall and WAF (web application firewall, which blocks malicious web traffic), and establishing compliance programs for ISO standards. The resources include blog posts, code samples, and workshops to help organizations adopt these security practices.