aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6423 items

GHSA-ppfx-73j5-fhxc: Skill-scanner Unsecured Network Binding Vulnerability

mediumvulnerability
security
Feb 17, 2026
CVE-2026-26057

Skill-scanner versions 1.0.1 and earlier have a vulnerability in their API Server (a network interface that lets external programs communicate with the software) where the server is incorrectly exposed to multiple network interfaces without proper authentication. An attacker could send requests to this server to cause a denial of service attack (making it unavailable by exhausting its resources) or upload files to unintended locations on the device.

Fix: Update to Skill-scanner version 1.0.2 or later, which contains the fix for this vulnerability.

GitHub Advisory Database

GHSA-g7vw-f8p5-c728: Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

critical vulnerability
security
Feb 17, 2026
CVE-2026-26016

A Pterodactyl Panel (server management software) API has a missing authorization check that allows any user with a node secret token (a credential for accessing a specific server cluster) to retrieve configuration data and manipulate servers on other nodes that they shouldn't have access to. This vulnerability requires an attacker to first obtain a node token, but once they do, they can access sensitive server information, installation scripts containing secrets, and even delete servers on other nodes.

GitHub Advisory Database

GHSA-fc3h-92p8-h36f: Unauthenticated File Upload in Gogs

medium vulnerability
security
Feb 17, 2026
CVE-2026-25242

Gogs, a self-hosted Git service, has a vulnerability where anyone can upload files without logging in if the RequireSigninView setting is disabled (which is the default). Attackers can upload arbitrary files to the server by obtaining a CSRF token (a security token to prevent cross-site request forgery) from the homepage and using it with the /issues/attachments or /releases/attachments endpoints, potentially filling up disk space, hosting malware, or abusing the server as a public file storage service.

GitHub Advisory Database

GHSA-782p-5fr5-7fj8: OpenClaw Affected by Remote Code Execution via System Prompt Injection in Slack Channel Descriptions

low vulnerability
security
Feb 17, 2026
CVE-2026-24764

OpenClaw's Slack integration had a vulnerability where Slack channel descriptions could be injected into the AI model's system prompt (the instructions that tell the AI how to behave). This allowed attackers to use prompt injection (tricking an AI by hiding instructions in its input) to potentially trigger unintended actions or expose data if tool execution was enabled.

Fix: Upgrade to openclaw version 2026.2.3 or later. If you do not use the Slack integration, no action is required.

GitHub Advisory Database

Anthropic releases Claude Sonnet 4.6, continuing breakneck pace of AI model releases

info news
industry
Feb 17, 2026

Anthropic released Claude Sonnet 4.6, a new AI model that performs better at coding, computer use, and data processing tasks, making it the default option for free and paid users. This launch reflects the intense competition in the AI industry, with Anthropic releasing two major models in less than two weeks to keep pace with rivals like OpenAI and Google.

CNBC Technology

Figma partners with Anthropic to turn AI-generated code into editable designs

info news
industry
Feb 17, 2026

Figma has partnered with Anthropic to launch a feature called 'Code to Canvas' that converts AI-generated code (from tools like Claude Code) into editable designs within Figma's platform. This allows teams to take working interfaces created by AI agents, refine them, compare options, and make design decisions together in Figma, bridging the gap between AI coding tools and design workflows.

CNBC Technology

WordPress’s new AI assistant will let users edit their sites with prompts

info news
industry
Feb 17, 2026

WordPress has introduced a new AI assistant that lets users edit their websites by typing natural language requests (instructions written in plain English rather than code) instead of manually making changes. The AI can edit and translate text, generate and modify images, and adjust site elements like creating pages or changing fonts, accessible through the site editor sidebar and block notes feature (a commenting tool added in WordPress 6.9).

The Verge (AI)

Researchers Show Copilot and Grok Can Be Abused as Malware C2 Proxies

high news
security, safety
Feb 17, 2026

Researchers discovered that AI assistants like Microsoft Copilot and Grok, which can browse the web and fetch URLs, can be abused as command-and-control (C2) proxies, a stealthy communication channel that lets attackers send commands to malware and receive data back while blending in with normal business communications. This technique, which requires the attacker to have already compromised a machine, works without needing API keys or accounts, making traditional security measures like key revocation ineffective. The attack demonstrates that AI tools can be weaponized not just to generate malware but also as intelligent intermediaries that help attackers adapt their strategies in real time based on information from the compromised system.

The Hacker News

Anthropic releases Sonnet 4.6

info news
industry
Feb 17, 2026

Anthropic released Sonnet 4.6, an updated version of its mid-size AI model with improvements in coding, instruction-following, and computer use (the ability to interact with computer interfaces). The new model features a context window (the amount of text an AI can read and remember at once) of 1 million tokens, double the previous size, allowing it to process entire codebases or dozens of research papers in one request.

TechCrunch

Mistral AI buys Koyeb in first acquisition to back its cloud ambitions

info news
industry
Feb 17, 2026

Mistral AI, a French company developing large language models (LLMs, AI systems trained on huge amounts of text data), has acquired Koyeb, a startup that helps developers deploy AI applications without managing server infrastructure (a method called serverless computing). This acquisition allows Mistral to expand beyond just building AI models into offering complete cloud infrastructure services, including helping customers run AI models on their own hardware and optimize performance.

TechCrunch

GHSA-hr7j-63v7-vj7g: Pterodactyl Panel's SFTP sessions remain active after user account deletion or password change

high vulnerability
security
Feb 17, 2026

Pterodactyl Panel has a security flaw where SFTP sessions (file transfer connections) stay active even after a user account is deleted or their password is changed, allowing continued access to server files with revoked credentials. This prevents administrators from immediately stopping access when they suspect a security breach, potentially allowing unauthorized people to read, modify, or delete files.

GitHub Advisory Database

Running AI models is turning into a memory game

info news
industry
Feb 17, 2026

AI companies are facing a major challenge managing memory (the high-speed storage that holds data a computer needs right now) as they scale up their systems, with DRAM chip prices jumping 7x in the past year. Companies are adopting strategies like prompt caching (temporarily storing input data to reuse it cheaply) to reduce costs, but optimizing memory usage involves complex tradeoffs, such as deciding how long to keep data cached and managing what gets removed when new data arrives. The companies that master memory orchestration (coordinating how data moves through different storage systems) will be able to run queries more efficiently and gain a competitive advantage.

TechCrunch

GHSA-hv93-r4j3-q65f: OpenClaw Hook Session Key Override Enables Targeted Cross-Session Routing

high vulnerability
security
Feb 17, 2026

OpenClaw had a vulnerability where its hook endpoint (`POST /hooks/agent`) accepted session keys (identifiers for conversation contexts) directly from user requests, allowing someone with a valid hook token to inject messages into any session they could guess or derive. This could poison conversations with malicious prompts that persist across multiple turns. The vulnerability affected versions 2.0.0-beta3 through 2026.2.11.

Fix: Update to OpenClaw version 2026.2.12 or later. The fix includes: rejecting the `sessionKey` parameter by default unless explicitly enabled with `hooks.allowRequestSessionKey=true`, adding a `hooks.defaultSessionKey` option for fixed routing, and adding `hooks.allowedSessionKeyPrefixes` to restrict which session keys can be used. The recommended secure configuration disables `allowRequestSessionKey`, sets `defaultSessionKey` to "hook:ingress", and restricts prefixes to ["hook:"].

GitHub Advisory Database

WordPress.com adds an AI Assistant that can edit, adjust styles, create images, and more

info news
industry
Feb 17, 2026

WordPress.com has added a built-in AI assistant that helps website owners make changes to their sites using natural language commands (instructions written in plain English rather than technical code). The assistant can modify layouts and styles, create or edit images using Google's Gemini AI models, rewrite content, and provide editing suggestions, though it only works with block themes (a modern WordPress design system) and is opt-in unless you use WordPress.com's AI website builder.

TechCrunch

Alibaba unveils Qwen3.5 as China’s chatbot race shifts to AI agents

info news
industry
Feb 17, 2026

Alibaba has released Qwen3.5, a new AI model series that comes in both an open-weight version (downloadable and runnable on users' own computers) and a hosted version (running on Alibaba's servers), featuring improved performance, multimodal capabilities (ability to understand text, images, and video together), and support for AI agents (systems that can independently complete multi-step tasks with minimal human supervision). The release reflects intensifying competition in China's AI market, as multiple Chinese companies are racing to develop agent capabilities similar to those recently released by American AI companies like Anthropic and OpenAI.

CNBC Technology

As AI jitters rattle IT stocks, Infosys partners with Anthropic to build ‘enterprise-grade’ AI agents

info news
industry
Feb 17, 2026

Infosys, a major Indian IT services company, has partnered with Anthropic to build AI agents (autonomous systems that can independently handle complex tasks) using Anthropic's Claude models integrated into Infosys's Topaz AI platform. These agents are designed to automate workflows in industries like banking and manufacturing, though the partnership comes amid concerns that AI tools will disrupt India's labor-intensive IT services sector. Infosys is already using Anthropic's Claude Code tool internally to write and test code, with AI services currently generating about $275 million in quarterly revenue for the company.

TechCrunch

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

high news
security
Feb 17, 2026

Cybersecurity researchers discovered a SmartLoader campaign where attackers created fake GitHub accounts and a trojanized Model Context Protocol server (a tool that connects AI assistants to external data and services) posing as an Oura Health tool to distribute StealC infostealer malware. The attackers spent months building credibility by creating fake contributors and repositories before submitting the malicious server to legitimate registries, targeting developers whose systems contain valuable data like API keys and cryptocurrency wallet credentials.

Fix: Organizations are recommended to inventory installed MCP servers, establish a formal security review before installation, verify the origin of MCP servers, and monitor for suspicious egress traffic and persistence mechanisms.

The Hacker News

Side-Channel Attacks Against LLMs

info news
security, research
Feb 17, 2026

These three research papers describe side-channel attacks (exploiting indirect information leaks like timing or packet sizes rather than breaking encryption directly) against large language models. Attackers can monitor encrypted network traffic and infer sensitive information about user conversations, such as the topic of messages, specific queries, or even personal data, by analyzing patterns in response times, packet sizes, or token counts from the model's inference process.

Fix: The source text proposes several mitigations but notes that none provides complete protection. Specific defenses mentioned include: random padding (adding fake data to obscure patterns), token batching (grouping tokens together before sending), packet injection (inserting extra packets), and iteration-wise token aggregation (combining token counts across processing steps). The papers also note that responsible disclosure and collaboration with LLM providers has led to initial countermeasures being implemented, though the authors conclude that providers need to do more work to fully address these vulnerabilities.

Schneier on Security

Could Bill Gates and political tussles overshadow AI safety debate in Delhi?

info news
policy, industry
Feb 17, 2026

The AI Impact Summit in India this week brings together tech leaders, politicians, and scientists to discuss how to guide AI development globally, but the event risks being overshadowed by political tensions and competing interests between Western powers and the Global South. India faces significant challenges in AI adoption, including that major AI chatbots like ChatGPT and Claude don't support most of India's languages, and AI data workers there earn less than £4,000 per year while Western AI companies are valued in the hundreds of billions, creating inequality in how AI benefits are distributed worldwide.

BBC Technology

Samsung is slopping AI ads all over its social channels

info news
industry
Feb 17, 2026

Samsung has been posting videos on YouTube, Instagram, and TikTok that were created or edited using generative AI (software that creates images, video, or text from text descriptions), including promotional videos for its upcoming Galaxy S26 smartphones. The company disclosed the AI usage in fine print at the bottom of some videos, though the AI-generated nature of the content is visually apparent.

The Verge (AI)

Page 208 of 322