All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Fickling, a tool for safely analyzing pickle files (Python's serialization format), has a critical vulnerability where the OBJ opcode (an instruction that calls functions) can execute dangerous code without being detected by any of Fickling's safety checks. The problem is that OBJ pushes function calls directly onto the interpreter's stack instead of recording them in the analysis structure (AST, or abstract syntax tree, which represents the code's structure), so when the result is discarded, the malicious call becomes invisible to all safety analysis.
Fix: The vulnerability is described as "a single missing `new_variable()` call in `Obj.run()` (`fickle.py:1333-1350`)." The source indicates that REDUCE opcodes correctly persist calls to the AST using `interpreter.new_variable(call)`, and OBJ should follow the same pattern. The assessment section mentions a commit (https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a) that updates "the interpreter so it behaves closer to CPython when dealing with `OBJ`, `NEWOBJ`, and `NEWOBJ_EX` opcodes," suggesting this addresses the fix, though the exact patched version is not explicitly stated in the source.
GitHub Advisory DatabaseDefense Secretary Pete Hegseth has given Anthropic (an AI company that develops Claude models) until Friday to allow the military broad access to its AI systems, threatening to label the company a 'supply chain risk' (a designation that would require DoD vendors to stop using Anthropic's products) or invoke the Defense Production Act (a law allowing the president to control domestic industries for national security) if it refuses. Anthropic wants safeguards preventing its models from being used for autonomous weapons or mass surveillance, while the DoD wants unrestricted access to 'all lawful use cases' without limitations.
Caddy's MatchHost matcher is documented as case-insensitive, but when configured with more than 100 host entries, it uses an optimized binary search that performs case-sensitive comparison, allowing attackers to bypass host-based routing and access controls by changing the casing of the Host header (for example, sending 'H001.TEST' instead of 'h001.test').
Caddy's path matcher is supposed to be case-insensitive, but when a match pattern contains percent-escape sequences (encoded characters like %2F for a slash), it compares the request path without lowercasing it, allowing attackers to bypass access controls by changing letter casing (for example, requesting /ADMIN%2Fpanel instead of /admin%2Fpanel).
N/A -- This content is a footer/navigation page from CNBC with no substantive article text about AMD, Meta, Nvidia, or any AI/LLM-related technical issue. The provided material contains only website metadata, subscription prompts, and legal information.
Caddy's file matcher doesn't properly escape backslashes when sanitizing glob patterns (special characters used for file matching), which allows attackers to bypass security protections. For example, a reverse proxy blocking `/documents/*` can be bypassed by requesting `/do%5ccuments/` (where `%5c` is a backslash) because the backslash in the glob pattern is treated as an escape character and ignored before non-special characters.
ActualBudget server has a missing authentication vulnerability in its SimpleFIN and Pluggy.ai bank sync endpoints, allowing any unauthenticated attacker to access sensitive bank account balances and transaction history. The vulnerable endpoints (like POST /simplefin/accounts and POST /pluggyai/transactions) lack authentication middleware (code that verifies a user is logged in before allowing access), making this a critical issue for any ActualBudget server instance accessible over a network.
NiceGUI has a cross-site scripting (XSS) vulnerability where several APIs that run methods on client-side elements use an unsafe `eval()` function (which executes arbitrary code from a string), allowing attackers to inject malicious JavaScript through user input like URL parameters. Additionally, some methods use string interpolation instead of proper escaping, making it easier for attackers to break out of intended contexts and inject code that can steal cookies, manipulate the page, or perform actions as the victim.
Cursor, an AI coding tool startup, announced updates to its AI agents (software that can complete tasks automatically on a user's behalf) that allow them to test changes, run multiple tasks in parallel on cloud-based virtual machines (remote computers), and work across different platforms like Slack and GitHub. The update aims to help Cursor compete with rivals like OpenAI and Anthropic in the rapidly growing market for AI-powered coding assistants.
OpenAI's COO Brad Lightcap stated that AI has not yet been widely adopted into enterprise business processes at scale, despite powerful AI systems being available to individual users. To address this, OpenAI launched a new platform called OpenAI Frontier, which allows enterprises to build and manage agents (AI systems that can perform tasks autonomously) and helps complex organizations integrate AI into their workflows by measuring success through business outcomes rather than just user seat licenses.
Anthropic announced new partnerships and updates to Claude (its AI assistant), allowing companies to integrate it into enterprise software tools like Slack, Gmail, and Salesforce. This announcement reassured investors that AI won't completely replace existing software systems, causing software and cybersecurity stocks to rebound after recent declines driven by fears that AI tools could disrupt traditional software businesses.
Anthropic announced updates to Claude Cowork, an AI tool that helps with office tasks, allowing it to connect with popular apps like Google Workspace, Docusign, and WordPress through new plug-ins. These plug-ins can automate work across different fields such as HR, design, and finance, and Claude can now handle multi-step tasks across Excel and PowerPoint by passing context between the two applications.
Oura, a health tracking company, released a custom AI model designed specifically for women's health questions, powering its chatbot called Oura Advisor. The model uses established medical research reviewed by doctors and combines it with users' biometric data (measurements like heart rate and sleep patterns) to provide personalized guidance on topics like menstrual cycles and menopause. The company emphasizes the model is hosted on its own servers and designed to be supportive rather than replace actual medical doctors.
Anthropic announced a new enterprise agents program that lets companies deploy pre-built AI agents (software programs that can perform tasks autonomously) to handle common business work like financial research and HR tasks. The program includes a plugin system, pre-made agents for specific departments, and integrations with tools like Gmail and DocuSign, along with controls that corporate IT departments need for managing software safely.
Anthropic has released new connectors and plugins for Claude Cowork, its AI productivity tool for office workers, allowing organizations to integrate it with existing software like Google Drive and Gmail. The update marks Claude Cowork's transition from a research project to an enterprise-grade product, with customizable plugins designed to encode institutional knowledge and workflows across different business domains.
Claude Code is a developer tool created by Anthropic that has unexpectedly become popular with non-developers across various industries who have learned to access their terminal (the text-based interface for giving computer commands) to build projects. The tool has achieved significant product-market fit (strong demand and adoption), though the article questions whether users will eventually move beyond using the terminal interface.
Anthropic, an AI company, is refusing to give the U.S. military unrestricted access to its AI model because of concerns about mass surveillance and autonomous weapons, despite the Pentagon threatening to declare the company a "supply chain risk" (a serious designation usually reserved for foreign adversaries) or invoke the Defense Production Act (a law giving the president power to force companies to prioritize production for national defense). The dispute highlights tension between corporate AI safety policies and government demands for military access, with experts warning that using these extreme measures could signal the U.S. is becoming unstable for business.
Fix: The source suggests two fixes: (1) normalize exact hostnames to lower-case during MatchHost.Provision (at least for non-fuzzy entries), or (2) normalize the incoming request host to lower-case before the large-list binary search and equality check so the optimized path stays case-insensitive.
GitHub Advisory DatabaseFix: In the percent-pattern matching path, lowercase the constructed string in matchPatternWithEscapeSequence right before path.Match, matching the behavior of the normal matching branch.
GitHub Advisory DatabaseFix: The source text shows that other integrations like GoCardless implement the fix by using `app.use(validateSessionMiddleware)` to add authentication middleware. This middleware must be added to the SimpleFIN and Pluggy.ai endpoint files (`/packages/sync-server/src/app-simplefin/app-simplefin.js` and `/packages/sync-server/src/app-pluggyai/app-pluggyai.js`) to require login before accessing the sensitive endpoints, similar to the example shown in `packages/sync-server/src/app-gocardless/app-gocardless.js`.
GitHub Advisory DatabaseFix: Use `json.dumps()` for proper escaping of method and property names in `run_method()` and `get_computed_prop()`, and remove the `eval()` fallback from the `runMethod()` function in `nicegui.js` so that invalid method names raise an error instead of being executed as code. Code that previously relied on passing JavaScript functions as method names should use `ui.run_javascript()` instead, for example: `row = await ui.run_javascript(f'return getElement({grid.id}).api.getDisplayedRowAtIndex(0).data')` instead of `row = await grid.run_grid_method('g => g.getDisplayedRowAtIndex(0).data')`.
GitHub Advisory DatabaseA vulnerability called RoguePilot in GitHub Codespaces allowed attackers to inject hidden malicious instructions into GitHub issues, which GitHub Copilot (an AI code assistant) would automatically execute when a developer opened a Codespace from that issue, potentially leaking the GITHUB_TOKEN (a credential that grants access to repositories). The flaw is an example of prompt injection (tricking an AI by hiding instructions in its input), and attackers could hide their malicious prompts using HTML comments to avoid detection.
Fix: The vulnerability has since been patched by Microsoft following responsible disclosure.
The Hacker NewsMicrosoft is expanding data loss prevention (DLP, rules that block AI from accessing sensitive documents) controls to protect files stored on local devices, not just in cloud storage like SharePoint or OneDrive. The change, rolling out between March and April 2026, will prevent the Microsoft 365 Copilot AI assistant from reading or processing documents marked as confidential. This update addresses a recent bug where Copilot Chat accidentally read confidential emails despite DLP protections being active.
Fix: Microsoft will deploy the enhancement through the Augmentation Loop (AugLoop, an Office component that helps Copilot access documents) between late March and late April 2026. The fix enables Office clients to provide sensitivity labels directly to AugLoop rather than requiring a call to Microsoft Graph using file URLs, allowing DLP enforcement to apply uniformly across all storage locations, including local files. Organizations with DLP policies already configured to block Copilot from processing sensitivity-labeled content will have this protection automatically enabled without requiring administrative action or changes.
BleepingComputerAI agents in enterprises now perform critical operations like provisioning infrastructure and approving transactions, but they are often not governed as distinct identities—instead inheriting broad privileges from their creators. Traditional identity and access management (IAM, the systems that control who can access what) is insufficient because AI agents are dynamic and can take unpredictable paths to achieve their goals, so a new approach called intent-based permissioning is needed, which checks not just who the agent is but why it is requesting access and whether that purpose justifies the action at that moment.