aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.


GHSA-mmgg-m5j7-f83h: n8n has Arbitrary File Read via Python Code Node Sandbox Escape

high vulnerability
security
Feb 25, 2026
CVE-2026-27494

n8n, a workflow automation platform, has a vulnerability where authenticated users with permission to create workflows could escape the sandbox (an isolated environment that restricts what code can do) in the Python Code node to read arbitrary files or achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). On default setups, this could compromise the entire n8n host machine.

Fix: The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can: (1) Limit workflow creation and editing permissions to fully trusted users only, or (2) Disable the Code node by adding `n8n-nodes-base.code` to the `NODES_EXCLUDE` environment variable. The source notes these workarounds do not fully remediate the risk and should only be used as short-term measures.

GitHub Advisory Database

GHSA-75g8-rv7v-32f7: n8n has Unauthenticated Expression Evaluation via Form Node

critical vulnerability
security
Feb 25, 2026
CVE-2026-27493

n8n had a vulnerability in its Form nodes where an unauthenticated attacker could inject malicious code by submitting specially crafted form data that starts with an equals sign (=), which the system would then execute as an expression. While this vulnerability alone is limited, it could potentially lead to remote code execution if combined with another type of attack that bypasses n8n's expression sandbox (a security boundary that restricts what code can access).

Fix: The issue has been fixed in n8n versions 2.10.1, 2.9.3, and 1.123.22. Users should upgrade to one of these versions or later. If upgrading is not immediately possible, administrators can temporarily: (1) manually review form nodes to check if they have the problematic configuration, (2) disable the Form node by adding `n8n-nodes-base.form` to the `NODES_EXCLUDE` environment variable, or (3) disable the Form Trigger node by adding `n8n-nodes-base.formTrigger` to the `NODES_EXCLUDE` environment variable. These workarounds do not fully remediate the risk and should only be used as short-term measures.

GitHub Advisory Database

Trump claims tech companies will sign deals next week to pay for their own power supply

info news
industry
Feb 25, 2026

President Trump announced plans for major tech companies to sign a 'rate payer protection pledge' that would require them to build or pay for new electricity generation for their data centers, aiming to reduce concerns about rising electricity costs. Leaders from Amazon, Google, Meta, Microsoft, xAI, Oracle, and OpenAI are expected to attend a signing event on March 4th, though details about the pledge's requirements and enforcement mechanisms remain unclear.

The Verge (AI)

Google and Samsung just launched the AI features Apple couldn't with Siri

info news
industry
Feb 25, 2026

Google and Samsung announced that Gemini, Google's AI assistant, will soon handle multi-step tasks on phones like ordering food or booking rides, starting with Pixel 10 and Galaxy S26 phones. This represents agentic AI features (AI that can take multiple actions toward a goal) that Apple had planned for Siri but delayed in March 2025 and hasn't yet released.

The Verge (AI)

Thrive Capital invested about $1 billion in OpenAI at a $285 billion valuation, source says

info news
industry
Feb 25, 2026

Thrive Capital, a venture capital firm (a company that invests in startups), invested about $1 billion in OpenAI at a $285 billion valuation in December 2024. OpenAI is currently finalizing a much larger funding round that could total over $100 billion and raise the company's valuation to $800 billion, with Thrive likely participating in this round as well.

CNBC Technology

Samsung's S26 gives an advance look at what the Google-powered Apple Siri could do

info news
industry
Feb 25, 2026

Samsung's Galaxy S26 smartphone combines three AI assistants: Google's Gemini (which can now perform autonomous actions inside third-party apps), Perplexity for web searches, and an upgraded Samsung Bixby for on-device tasks. This multi-agent approach (using multiple separate AI systems together) gives Google's Gemini major market reach before Apple launches a Gemini-powered version of Siri later in 2025, with features that were originally planned for March or April now delayed to May or September.

CNBC Technology

GHSA-jhp4-jvq3-w5xr: Parse Dashboard Has a Cache Key Collision that Leaks Master Key to Read-Only Sessions

high vulnerability
security
Feb 25, 2026
CVE-2026-27610

Parse Dashboard has a cache key collision bug where the same storage identifier is used for both the master key (full access) and read-only master key (limited access) when resolving function-typed keys. Under specific timing conditions, a read-only user could receive the full master key, or a regular user could receive the read-only master key, leaking access privileges to the wrong user type.

Fix: The patch uses distinct cache keys for the master key and the read-only master key. As workarounds, avoid using function-typed master keys, or remove the `agent` configuration block from your dashboard configuration. This issue is fixed in version 9.0.0-alpha.8 or later.

GitHub Advisory Database

CVE-2026-27795: LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Req

medium vulnerability
security
Feb 25, 2026
CVE-2026-27795

LangChain's `RecursiveUrlLoader` component had a security flaw where it would validate an initial website address but then automatically follow redirects (automatic jumps to different URLs) without checking them, allowing attackers to redirect from a safe public URL to internal or sensitive endpoints. This vulnerability was fixed in version 1.1.18 of the `@langchain/community` package.

Fix: Upgrade to `@langchain/community` version 1.1.18. This version disables automatic redirects (`redirect: "manual"`), validates each redirect target with `validateSafeUrl()` before following it, and implements a maximum redirect limit to prevent infinite loops.

NVD/CVE Database

Google Gemini can book an Uber or order food for you on Pixel 10 and Galaxy S26

info news
industry
Feb 25, 2026

Google's Gemini AI can now automate tasks like booking Ubers or ordering food through DoorDash on certain Pixel 10 and Samsung Galaxy S26 phones. When you give Gemini a command like 'Get me an Uber to the Palace of Fine Arts,' it launches the app in a virtual window, completes the steps automatically, and lets you watch, pause, or take control if needed, though you must submit the final order yourself.

The Verge (AI)

Gemini can now automate some multi-step tasks on Android

info news
industry
Feb 25, 2026

Google announced new Gemini features for Android phones that can automate multi-step tasks like ordering food or rides, along with improvements to scam detection and search capabilities. The automation feature is currently in beta and limited to certain apps and devices in the U.S. and Korea. To prevent problems, Google added protections so automations require explicit user commands, can be monitored and stopped in real time, and run in a secure virtual environment (an isolated space on your phone) that can only access limited apps.

TechCrunch

OpenAI COO says ads will be 'an iterative process'

info news
industry
Feb 25, 2026

OpenAI is rolling out ads to free and paid users of ChatGPT and says the process will be gradual and iterative. The company's COO emphasized that maintaining user privacy and trust is essential, and that well-designed ads can improve the user experience rather than detract from it.

TechCrunch

Claude Code Remote Control

info news
security
Feb 25, 2026

Anthropic released a new Claude Code feature called "Remote Control" that lets you start a session on your computer and then control it remotely using Claude on web, iOS, and desktop apps by sending prompts to that session. The feature currently has several bugs, including permission approval issues, API errors, and problems with session termination, though the author expects these to be fixed soon.

Simon Willison's Weblog

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

high news
security
Feb 25, 2026

Researchers discovered three security vulnerabilities in Anthropic's Claude Code (an AI-powered coding assistant) that could allow attackers to run arbitrary commands on a developer's computer and steal API keys (authentication credentials) simply by tricking users into opening malicious project folders. The vulnerabilities exploited configuration files and automation systems to bypass safety prompts and execute malicious code without user consent.

Fix: All three vulnerabilities have been fixed in specific Claude Code versions: the first vulnerability was fixed in version 1.0.87 (September 2025), CVE-2025-59536 was fixed in version 1.0.111 (October 2025), and CVE-2026-21852 was fixed in version 2.0.65 (January 2026). Users should update to these versions or later.

The Hacker News

OpenClaw creator's advice to AI builders is to be more playful and allow yourself time to improve

info news
industry
Feb 25, 2026

Peter Steinberger, creator of OpenClaw (an AI agent that works through WhatsApp), shares advice for developers building with AI: focus on exploration and experimentation rather than having a perfect plan from the start. He emphasizes that working with AI is a learnable skill, like learning guitar, and recommends approaching it playfully and iteratively rather than expecting immediate expertise.

TechCrunch

The Blast Radius Problem: Stolen Credentials Are Weaponizing Agentic AI

info news
security
Feb 25, 2026

According to IBM X-Force data from 2025, more than half of the 400,000 tracked vulnerabilities (56%) could be exploited without requiring authentication (the process of verifying who you are). This means attackers can exploit these security flaws without needing to log in or have legitimate access to a system.

SecurityWeek

About 12% of U.S. teens turn to AI for emotional support or advice

info news
safety, policy
Feb 25, 2026

About 12% of U.S. teenagers use AI chatbots for emotional support or advice, alongside more common uses like searching for information and getting homework help. Mental health professionals warn that general-purpose AI tools like ChatGPT are not designed for this purpose and can isolate users from real-world connections and relationships, potentially causing serious psychological harm.

Fix: Character.AI disabled chatbot access for users under 18 following lawsuits related to teen suicides. OpenAI sunset (discontinued) its GPT-4o model, which users had relied on for emotional support.

TechCrunch

GHSA-mhc9-48gj-9gp3: Fickling has safety check bypass via REDUCE+BUILD opcode sequence

medium vulnerability
security
Feb 25, 2026

Fickling (a Python library for analyzing pickle files, a Python serialization format) has a safety bypass where dangerous operations like network connections and file access are falsely marked as safe when certain opcodes (REDUCE and BUILD, which are pickle instructions) appear in sequence. Attackers can add a simple BUILD opcode to any malicious pickle to evade all five of fickling's safety detection methods.

Fix: Potentially unsafe modules have been added to a blocklist in https://github.com/trailofbits/fickling/commit/0c4558d950daf70e134090573450ddcedaf10400.

GitHub Advisory Database

Does Anthropic think Claude is alive? Define 'alive'

info news
safety
Feb 25, 2026

Anthropic executives have suggested in recent interviews that Claude (their AI model) might be alive or conscious in some way, though the company denies Claude is alive like biological organisms. The company avoids directly stating whether Claude is conscious, using the term "alive" as a loaded question while focusing on model welfare research.

The Verge (AI)

Jira's latest update allows AI agents and humans to work side by side

info news
industry
Feb 25, 2026

Atlassian has released a new feature called 'agents in Jira' that lets teams assign work to AI agents (programs that can perform tasks automatically) from the same project management dashboard used for human workers. The update tracks agent progress, sets deadlines, and allows companies to compare how AI agents perform against human employees on the same projects, potentially helping enterprises decide where AI automation is most valuable.

TechCrunch

StrokePIN: Enhancing PIN Authentication With Keystroke Dynamics for Mobile Devices

info research (Peer-Reviewed)
research
Feb 25, 2026

StrokePIN is an authentication system that uses keystroke dynamics (the unique way a person types, including timing and pressure patterns) combined with other data types to verify users' PIN (personal identification number) entries on mobile devices. The system uses a few-shot learning technique called a Siamese Network (a machine learning approach that learns from very few examples) to work efficiently without needing to retrain constantly, and it includes security analysis showing that keystroke dynamics can provide meaningful protection against guessing attacks.

Fix: StrokePIN dynamically updates the template library (the stored reference patterns of how each user types) to mitigate the impact of user behavior drift over time, achieving a False Acceptance Rate of 8.3% and a False Rejection Rate of 0.4%.

IEEE Xplore (Security & AI Journals)