All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
n8n, a workflow automation platform, has a vulnerability where authenticated users with permission to create workflows could escape the sandbox (an isolated environment that restricts what code can do) in the Python Code node to read arbitrary files or achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). On default setups, this could compromise the entire n8n host machine.
Fix: The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can: (1) Limit workflow creation and editing permissions to fully trusted users only, or (2) Disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.
GitHub Advisory Databasen8n had a vulnerability in its Form nodes where an unauthenticated attacker could inject malicious code by submitting specially crafted form data that starts with an equals sign (=), which the system would then execute as an expression. While this vulnerability alone is limited, it could potentially lead to remote code execution if combined with another type of attack that bypasses n8n's expression sandbox (a security boundary that restricts what code can access).
President Trump announced plans for major tech companies to sign a 'rate payer protection pledge' that would require them to build or pay for new electricity generation for their data centers, aiming to reduce concerns about rising electricity costs. Leaders from Amazon, Google, Meta, Microsoft, xAI, Oracle, and OpenAI are expected to attend a signing event on March 4th, though details about the pledge's requirements and enforcement mechanisms remain unclear.
Google and Samsung announced that Gemini, Google's AI assistant, will soon handle multi-step tasks on phones like ordering food or booking rides, starting with Pixel 10 and Galaxy S26 phones. This represents agentic AI features (AI that can take multiple actions toward a goal) that Apple had planned for Siri but delayed in March 2025 and hasn't yet released.
Thrive Capital, a venture capital firm (a company that invests in startups), invested about $1 billion in OpenAI at a $285 billion valuation in December 2024. OpenAI is currently finalizing a much larger funding round that could total over $100 billion and raise the company's valuation to $800 billion, with Thrive likely participating in this round as well.
Samsung's Galaxy S26 smartphone combines three AI assistants: Google's Gemini (which can now perform autonomous actions inside third-party apps), Perplexity for web searches, and an upgraded Samsung Bixby for on-device tasks. This multi-agent approach (using multiple separate AI systems together) gives Google's Gemini major market reach before Apple launches a Gemini-powered version of Siri later in 2025, with features that were originally planned for March or April now delayed to May or September.
Parse Dashboard has a cache key collision bug where the same storage identifier is used for both the master key (full access) and read-only master key (limited access) when resolving function-typed keys. Under specific timing conditions, a read-only user could receive the full master key, or a regular user could receive the read-only master key, leaking access privileges to the wrong user type.
LangChain's `RecursiveUrlLoader` component had a security flaw where it would validate an initial website address but then automatically follow redirects (automatic jumps to different URLs) without checking them, allowing attackers to redirect from a safe public URL to internal or sensitive endpoints. This vulnerability was fixed in version 1.1.18 of the `@langchain/community` package.
Google's Gemini AI can now automate tasks like booking Ubers or ordering food through DoorDash on certain Pixel 10 and Samsung Galaxy S26 phones. When you give Gemini a command like 'Get me an Uber to the Palace of Fine Arts,' it launches the app in a virtual window, completes the steps automatically, and lets you watch, pause, or take control if needed, though you must submit the final order yourself.
Google announced new Gemini features for Android phones that can automate multi-step tasks like ordering food or rides, along with improvements to scam detection and search capabilities. The automation feature is currently in beta and limited to certain apps and devices in the U.S. and Korea. To prevent problems, Google added protections so automations require explicit user commands, can be monitored and stopped in real time, and run in a secure virtual environment (an isolated space on your phone) that can only access limited apps.
OpenAI is rolling out ads to free and paid users of ChatGPT and says the process will be gradual and iterative. The company's COO emphasized that maintaining user privacy and trust is essential, and that well-designed ads can improve the user experience rather than detract from it.
Anthropic released a new Claude Code feature called "Remote Control" that lets you start a session on your computer and then control it remotely using Claude on web, iOS, and desktop apps by sending prompts to that session. The feature currently has several bugs, including permission approval issues, API errors, and problems with session termination, though the author expects these to be fixed soon.
Researchers discovered three security vulnerabilities in Anthropic's Claude Code (an AI-powered coding assistant) that could allow attackers to run arbitrary commands on a developer's computer and steal API keys (authentication credentials) simply by tricking users into opening malicious project folders. The vulnerabilities exploited configuration files and automation systems to bypass safety prompts and execute malicious code without user consent.
Peter Steinberger, creator of OpenClaw (an AI agent that works through WhatsApp), shares advice for developers building with AI: focus on exploration and experimentation rather than having a perfect plan from the start. He emphasizes that working with AI is a learnable skill, like learning guitar, and recommends approaching it playfully and iteratively rather than expecting immediate expertise.
According to IBM X-Force data from 2025, more than half of the 400,000 tracked vulnerabilities (56%) could be exploited without requiring authentication (the process of verifying who you are). This means attackers can exploit these security flaws without needing to log in or have legitimate access to a system.
Fickling (a Python library for analyzing pickle files, a Python serialization format) has a safety bypass where dangerous operations like network connections and file access are falsely marked as safe when certain opcodes (REDUCE and BUILD, which are pickle instructions) appear in sequence. Attackers can add a simple BUILD opcode to any malicious pickle to evade all five of fickling's safety detection methods.
Anthropic executives have suggested in recent interviews that Claude (their AI model) might be alive or conscious in some way, though the company denies Claude is alive like biological organisms. The company avoids directly stating whether Claude is conscious, using the term "alive" as a loaded question while focusing on model welfare research.
Atlassian has released a new feature called 'agents in Jira' that lets teams assign work to AI agents (programs that can perform tasks automatically) from the same project management dashboard used for human workers. The update tracks agent progress, sets deadlines, and allows companies to compare how AI agents perform against human employees on the same projects, potentially helping enterprises decide where AI automation is most valuable.
Fix: The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily: (1) manually review form nodes to check if they have the problematic configuration, (2) disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable, or (3) disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term measures.
GitHub Advisory DatabaseFix: The patch uses distinct cache keys for master key and read-only master key. As workarounds, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration. This issue is fixed in version 9.0.0-alpha.8 or later.
GitHub Advisory DatabaseFix: Upgrade to `@langchain/community` version 1.1.18. This version disables automatic redirects (`redirect: "manual"`), validates each redirect target with `validateSafeUrl()` before following it, and implements a maximum redirect limit to prevent infinite loops.
NVD/CVE DatabaseFix: All three vulnerabilities have been fixed in specific Claude Code versions: the first vulnerability was fixed in version 1.0.87 (September 2025), CVE-2025-59536 was fixed in version 1.0.111 (October 2025), and CVE-2026-21852 was fixed in version 2.0.65 (January 2026). Users should update to these versions or later.
The Hacker NewsAbout 12% of U.S. teenagers use AI chatbots for emotional support or advice, alongside more common uses like searching for information and getting homework help. Mental health professionals warn that general-purpose AI tools like ChatGPT are not designed for this purpose and can isolate users from real-world connections and relationships, potentially causing serious psychological harm.
Fix: Character.AI disabled chatbot access for users under 18 following lawsuits related to teen suicides. OpenAI sunset (discontinued) its GPT-4o model, which users had relied on for emotional support.
TechCrunchFix: Potentially unsafe modules have been added to a blocklist in https://github.com/trailofbits/fickling/commit/0c4558d950daf70e134090573450ddcedaf10400.
GitHub Advisory DatabaseStrokePIN is an authentication system that uses keystroke dynamics (the unique way a person types, including timing and pressure patterns) combined with other data types to verify users' PIN (personal identification number) entries on mobile devices. The system uses a few-shot learning technique called Siamese Network (a machine learning approach that learns from very few examples) to work efficiently without needing to retrain constantly, and it includes security analysis showing that keystroke dynamics can provide meaningful protection against guessing attacks.
Fix: StrokePIN dynamically updates the template library (the stored reference patterns of how each user types) to mitigate the impact of user behavior drift over time, achieving a False Acceptance Rate of 8.3% and False Rejection Rate of 0.4%.
IEEE Xplore (Security & AI Journals)