aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6105 items

CVE-2026-46479: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluat

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46479

Flowise is a drag-and-drop interface for building custom LLM workflows. Before version 3.1.2, its evaluation endpoints were open to mass assignment: a request body could set server-controlled fields that a client should never be able to write, which let an authenticated user take over evaluations belonging to other workspaces without holding any permission on them.

Fix: Patched in version 3.1.2.

Source: NVD/CVE Database

CVE-2026-46478: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, Dataset

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46478

Flowise is a visual tool for building custom LLM (large language model) workflows. Before version 3.1.2, a mass-assignment flaw (a request body could set object properties the client should not control) let users take over dataset rows in other workspaces. CVSS 7.7 (high).

Fix: Patched in version 3.1.2; update Flowise to 3.1.2 or later.

Source: NVD/CVE Database

CVE-2026-46477: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46477

Before version 3.1.2, Flowise, a drag-and-drop tool for building custom AI workflows, let attackers take over datasets in other workspaces through mass assignment (writing object properties that were never meant to be client-settable). CVSS 7.7 (high) on the 0-10 severity scale.

Fix: Patched in version 3.1.2.

Source: NVD/CVE Database

CVE-2026-46476: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomT

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46476

Flowise is a drag-and-drop tool for building custom LLM workflows. Before version 3.1.2, its CustomTemplate feature had a mass-assignment flaw (fields not meant to be client-writable could be set from the request) that let attackers take over templates in other workspaces.

Fix: Update to version 3.1.2, which patches this vulnerability.

Source: NVD/CVE Database

CVE-2026-46475: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assista

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46475

Flowise is a drag-and-drop interface for building custom AI workflows. Before version 3.1.2, a mass-assignment flaw (an attacker can write data fields they should not be able to reach) in the assistant create and update operations let a user take over assistants in other workspaces.

Fix: Patched in version 3.1.2; update to 3.1.2 or later.

Source: NVD/CVE Database

CVE-2026-46444: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRU

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46444

Flowise is a drag-and-drop tool for building custom AI workflows. Before version 3.1.2, the endpoints for managing OpenAI Assistants Vector Store lacked authorization checks. The routes did require a valid API key (authentication), but never verified that the caller was permitted to perform the requested action (authorization), so holding any key was enough to reach them.

Fix: Patched in version 3.1.2.

Source: NVD/CVE Database
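The distinction this entry turns on, authentication versus authorization, as an added example in plain Node.js (Flowise is a Node/TypeScript project, but this is not Flowise's code). The vulnerable pipeline stops once the API key resolves to a principal; the hardened one also demands the permission the route requires and fails closed on routes that have none mapped. The key store, permission names and the `/vector-store` path are hypothetical.

```javascript
// Added example, not Flowise's code: an API key proves who is calling
// (authentication) but says nothing about what the caller may do
// (authorization). The vulnerable pipeline stops after the key check, which
// is the gap described for the vector-store routes; the hardened one also
// demands the permission the route requires. The key store, permission names
// and route paths are hypothetical.

// Constructed key store: API key -> principal with its granted permissions.
const API_KEYS = new Map([
  ["key-admin",  { name: "admin",  permissions: new Set(["vectorstore:read", "vectorstore:write", "vectorstore:delete"]) }],
  ["key-viewer", { name: "viewer", permissions: new Set(["vectorstore:read"]) }],
]);

// Route table: "METHOD path" -> permission required to reach the handler.
const ROUTES = {
  "GET /vector-store":    "vectorstore:read",
  "POST /vector-store":   "vectorstore:write",
  "DELETE /vector-store": "vectorstore:delete",
};

// Authentication: resolve the bearer key to a principal, or reject.
function authenticate(req) {
  const m = /^Bearer (.+)$/.exec(req.headers.authorization || "");
  const principal = m ? API_KEYS.get(m[1]) : undefined;
  return principal ? { ok: true, principal } : { ok: false, status: 401 };
}

// Authorization: the principal must hold the permission the route demands.
function authorize(principal, required) {
  return principal.permissions.has(required) ? { ok: true } : { ok: false, status: 403 };
}

// VULNERABLE: any valid key reaches the handler, whatever the operation.
function handleVulnerable(req) {
  const auth = authenticate(req);
  if (!auth.ok) return { status: auth.status };
  return { status: 200, actor: auth.principal.name };
}

// HARDENED: authenticate, look up what the route requires, authorize, then handle.
// Unmapped routes fail closed so a new endpoint cannot ship without a permission.
function handleHardened(req) {
  const auth = authenticate(req);
  if (!auth.ok) return { status: auth.status };
  const required = ROUTES[`${req.method} ${req.path}`];
  if (!required) return { status: 404 };
  const az = authorize(auth.principal, required);
  if (!az.ok) return { status: az.status };
  return { status: 200, actor: auth.principal.name };
}

// Constructed request builder for the walk-through.
function request(method, key) {
  return { method, path: "/vector-store", headers: key ? { authorization: `Bearer ${key}` } : {} };
}

// Walk-through: a read-only key tries to delete the vector store.
function demo() {
  return {
    vulnerableViewerDelete: handleVulnerable(request("DELETE", "key-viewer")).status, // 200: key accepted, permission never checked
    hardenedViewerDelete:   handleHardened(request("DELETE", "key-viewer")).status,   // 403
    hardenedViewerRead:     handleHardened(request("GET", "key-viewer")).status,      // 200
    hardenedAdminDelete:    handleHardened(request("DELETE", "key-admin")).status,    // 200
    noKey:                  handleHardened(request("DELETE", null)).status,           // 401
    unmappedRoute:          handleHardened({ method: "PATCH", path: "/vector-store", headers: { authorization: "Bearer key-admin" } }).status, // 404
  };
}
```

The route table is the point: when the required permission lives next to the route rather than inside each handler, an audit for "authenticated but unauthorized" endpoints is a one-line lookup, and a route without an entry is refused rather than silently open.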

CVE-2026-46443: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when cr

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46443

Flowise is a drag-and-drop interface for building workflows with large language models (LLMs, AI systems trained on very large text corpora). Before version 3.1.2, listing credentials with a name filter returned the encrypted credential data in the API response, while the unfiltered listing correctly omitted it. Rated high because a user with only basic access could retrieve encrypted credential material (passwords and API keys) they were never meant to see.

Fix: Update Flowise to version 3.1.2 or later, where this issue has been patched.

Source: NVD/CVE Database
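The bug class here is per-branch serialization: two code paths return the same entity and only the common one strips the secret. The following added example (plain Node.js, not Flowise's code) reproduces that shape, then shows the fix a reviewer would ask for, a single public projection applied at the response boundary, plus a recursive check that can be run in tests against any response. The credential rows and the field name `encryptedData` are constructed for illustration.

```javascript
// Added example, not Flowise's code: the bug class behind this CVE. Two
// branches of one listing endpoint return the same entity, but only the
// common branch strips the secret field, so the rarely exercised "filter by
// name" branch leaks it. The fix is one public projection applied at the
// response boundary, plus a check that can run in tests against any
// response. The rows and the field name encryptedData are constructed.

const CREDENTIALS = [
  { id: "c1", name: "prod openai", credentialName: "openAIApi", encryptedData: "U2FsdGVkX19hYmM=", workspaceId: "ws-A" },
  { id: "c2", name: "team slack",  credentialName: "slackApi",  encryptedData: "U2FsdGVkX19kZWY=", workspaceId: "ws-A" },
];

// VULNERABLE: the unfiltered branch projects to safe fields; the filtered
// branch returns raw rows, encryptedData included.
function listCredentialsVulnerable(db, filterName) {
  if (filterName) {
    return db.filter((c) => c.credentialName === filterName);
  }
  return db.map(({ id, name, credentialName, workspaceId }) => ({ id, name, credentialName, workspaceId }));
}

// Allow-list of fields a client may see; anything not named here never leaves.
const PUBLIC_FIELDS = ["id", "name", "credentialName", "workspaceId"];
function toPublicCredential(row) {
  const out = {};
  for (const f of PUBLIC_FIELDS) if (f in row) out[f] = row[f];
  return out;
}

// HARDENED: select first, project once. A filter branch added later cannot
// reintroduce the leak because projection is no longer per-branch.
function listCredentialsHardened(db, filterName) {
  const rows = filterName ? db.filter((c) => c.credentialName === filterName) : db;
  return rows.map(toPublicCredential);
}

// Response-boundary check: walk any JSON-shaped payload for secret field names.
const SECRET_FIELDS = new Set(["encryptedData"]);
function leaksSecret(payload) {
  if (Array.isArray(payload)) return payload.some(leaksSecret);
  if (payload !== null && typeof payload === "object") {
    return Object.keys(payload).some((k) => SECRET_FIELDS.has(k) || leaksSecret(payload[k]));
  }
  return false;
}

function demo() {
  return {
    vulnerableUnfiltered:  leaksSecret(listCredentialsVulnerable(CREDENTIALS)),              // false
    vulnerableFiltered:    leaksSecret(listCredentialsVulnerable(CREDENTIALS, "openAIApi")), // true: the leak
    hardenedUnfiltered:    leaksSecret(listCredentialsHardened(CREDENTIALS)),                // false
    hardenedFiltered:      leaksSecret(listCredentialsHardened(CREDENTIALS, "openAIApi")),   // false
    hardenedFilteredCount: listCredentialsHardened(CREDENTIALS, "openAIApi").length,        // 1
  };
}
```

`leaksSecret` is the regression test worth keeping: run it over every credential response in the API test suite and a future branch that forgets the projection fails the build instead of shipping.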

CVE-2026-46442: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /a

critical | vulnerability | security | Jun 8, 2026 | CVE-2026-46442

Flowise is a visual tool for building custom AI workflows. Before version 3.1.2, any user with API access could submit JavaScript to a function node. When E2B_APIKEY, the key for the E2B remote sandbox service, was not configured (the typical deployment), the code ran in a local sandbox that could be escaped to execute system commands on the server hosting Flowise.

Fix: Upgrade to version 3.1.2, which patches this vulnerability.

Source: NVD/CVE Database
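Why a JavaScript-level sandbox is not a trust boundary, as an added example in plain Node.js (not Flowise's code, and not a claim about the exact path used against Flowise): `runInNaiveSandbox` hands user code a restricted scope object and shadows `process`, `require` and `globalThis`, and `ESCAPE` is the textbook constructor-chain escape such designs fall to. `runFunctionNode` shows the policy the fix implies, evaluate untrusted code only through an isolated executor, keyed here on `E2B_APIKEY` as the page names it. The remote executor is a stand-in.

```javascript
// Added example, not Flowise's code: a JavaScript "sandbox" that merely hands
// user code a restricted scope object, and shadows globals such as process
// and require, is not a security boundary. runInNaiveSandbox and ESCAPE show
// the textbook constructor-chain escape such designs fall to (a generic
// illustration, not a claim about the exact path used against Flowise);
// runFunctionNode shows the policy the fix implies: untrusted code is only
// evaluated when an isolated executor is configured, keyed here on
// E2B_APIKEY as the page names it. The remote executor is a stand-in.

// Naive sandbox: the code receives only `scope`, and the globals it would
// reach for are shadowed by parameters that are deliberately left undefined.
function runInNaiveSandbox(userCode) {
  const scope = { log: () => undefined, add: (a, b) => a + b };
  const fn = new Function("scope", "process", "require", "globalThis", `"use strict";\n${userCode}`);
  return fn(scope, undefined, undefined, undefined);
}

// Untrusted node code: any function's .constructor is the real Function
// constructor, and source compiled through it resolves names in the true
// global scope, so the shadowing above is bypassed. Reading process.version
// is enough to prove the escape; from here process and require are reachable.
const ESCAPE = `
  const F = scope.add.constructor;
  const proc = F("return process")();
  return typeof proc.version === "string" && typeof process === "undefined";
`;

// Hardened policy: never evaluate untrusted code in this process. Hand it to
// a configured isolated executor or refuse.
function runFunctionNode(userCode, config, isolatedExecutor) {
  if (!config || !config.E2B_APIKEY) {
    return { ok: false, status: 403, reason: "function node disabled: no isolated sandbox configured" };
  }
  return { ok: true, status: 200, result: isolatedExecutor(userCode, config.E2B_APIKEY) };
}

// Stand-in for the remote executor: records that code was sent elsewhere.
function fakeRemoteExecutor(code, apiKey) {
  return { sentToSandbox: true, bytes: code.length, authenticated: Boolean(apiKey) };
}

function demo() {
  return {
    escaped: runInNaiveSandbox(ESCAPE),                                    // true
    refusedWithoutKey: runFunctionNode(ESCAPE, {}, fakeRemoteExecutor).ok, // false
    delegatedWithKey: runFunctionNode(ESCAPE, { E2B_APIKEY: "e2b_test" }, fakeRemoteExecutor).result.sentToSandbox, // true
  };
}
```

The shadowed parameters make `typeof process` report `undefined` inside the user code and still do nothing to stop it: `Function` constructs in global scope, so the right default when no isolated executor is configured is to refuse the node, not to try harder with in-process restrictions.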

CVE-2026-46441: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass

high | vulnerability | security | Jun 8, 2026 | CVE-2026-46441

Flowise is a drag-and-drop tool for building custom AI workflows. Versions before 3.1.2 have a mass-assignment flaw (a client can write fields it should not be able to change): authenticated users could reassign assistants to other workspaces by setting the workspaceId field in a request, breaking the isolation between workspaces in multi-user deployments.

Fix: Update to version 3.1.2, where this issue has been patched.

Source: NVD/CVE Database
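The mass-assignment pattern shared by CVE-2026-46479, -46478, -46477, -46476, -46475 and this entry, as one added example in plain Node.js (not Flowise's code): an update handler that copies the request body onto a stored record lets a caller from another workspace set `workspaceId` and re-home the row, while the hardened handler checks ownership first, copies only an allow-list of client-editable fields, and takes `workspaceId` from the authenticated context on create. The in-memory store, the field names and the `ctx` object standing in for the session are hypothetical.

```javascript
// Added example, not Flowise's code: the mass-assignment pattern behind these
// CVEs (copying a request body straight onto a stored record lets the caller
// re-home it into another workspace) beside an allow-list fix. The store,
// field names and the `ctx` object standing in for the authenticated
// session are hypothetical.

// Constructed in-memory store: one assistant pinned to workspace ws-A.
function seedStore() {
  return new Map([
    ["asst-1", { id: "asst-1", name: "Support bot", workspaceId: "ws-A" }],
  ]);
}

// VULNERABLE: every key of the JSON body lands on the entity, so a caller
// from another workspace can write workspaceId (or id) and take the row.
function updateAssistantVulnerable(db, id, body) {
  const entity = db.get(id);
  if (!entity) return { status: 404 };
  Object.assign(entity, body);
  return { status: 200, entity };
}

// Only these fields may ever come from a client.
const EDITABLE_FIELDS = new Set(["name", "details"]);

// HARDENED: the row must already belong to the caller's workspace, only
// allow-listed fields are copied, and any other key (workspaceId, id,
// createdDate, ...) is rejected outright instead of silently ignored.
function updateAssistantHardened(db, id, body, ctx) {
  const entity = db.get(id);
  // Same answer for "does not exist" and "belongs to another tenant", so the
  // endpoint cannot be used to enumerate rows across workspaces.
  if (!entity || entity.workspaceId !== ctx.workspaceId) return { status: 404 };
  const rejected = Object.keys(body).filter((k) => !EDITABLE_FIELDS.has(k));
  if (rejected.length > 0) return { status: 400, rejected };
  for (const k of EDITABLE_FIELDS) if (k in body) entity[k] = body[k];
  return { status: 200, entity };
}

// Create path: workspaceId is taken from the authenticated context, never the body.
function createAssistantHardened(db, body, ctx) {
  const rejected = Object.keys(body).filter((k) => !EDITABLE_FIELDS.has(k));
  if (rejected.length > 0) return { status: 400, rejected };
  const entity = { id: `asst-${db.size + 1}`, workspaceId: ctx.workspaceId };
  for (const k of EDITABLE_FIELDS) if (k in body) entity[k] = body[k];
  db.set(entity.id, entity);
  return { status: 201, entity };
}

// Walk-through: a user authenticated in ws-B tries to pull asst-1 out of ws-A.
function demo() {
  const attacker = { userId: "u-99", workspaceId: "ws-B" };
  const payload = { name: "pwned", workspaceId: "ws-B" };

  const dbV = seedStore();
  const v = updateAssistantVulnerable(dbV, "asst-1", payload);
  const stolen = v.status === 200 && dbV.get("asst-1").workspaceId === "ws-B";

  const dbH = seedStore();
  const h = updateAssistantHardened(dbH, "asst-1", payload, attacker);
  const intact = h.status === 404 && dbH.get("asst-1").workspaceId === "ws-A";

  // The legitimate owner in ws-A can still rename, but cannot smuggle workspaceId.
  const owner = { userId: "u-1", workspaceId: "ws-A" };
  const renamed = updateAssistantHardened(dbH, "asst-1", { name: "Renamed" }, owner);
  const smuggled = updateAssistantHardened(dbH, "asst-1", payload, owner);
  const created = createAssistantHardened(dbH, { name: "New bot" }, attacker);

  return {
    stolen,                                       // true: vulnerable path moved the row
    intact,                                       // true: hardened path refused with 404
    renamedStatus: renamed.status,                // 200
    smuggledStatus: smuggled.status,              // 400, rejected: ["workspaceId"]
    createdWorkspace: created.entity.workspaceId, // "ws-B", from ctx not body
  };
}
```

Rejecting unknown keys with 400 rather than dropping them is deliberate: a client that sends `workspaceId` is either buggy or hostile, and a loud failure surfaces both in logs, whereas silent stripping hides the attempt and invites the next developer to "fix" the API by honouring the field.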

CVE-2026-46440: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the che

medium | vulnerability | security | Jun 8, 2026 | CVE-2026-46440

Flowise is a drag-and-drop interface for building custom AI workflows. Before version 3.1.2, the checkBasicAuth endpoint (which validates a user's login credentials) compared the submitted password directly against the stored plaintext value, using an ordinary string comparison and with no rate limiting, leaving it open to unlimited online password guessing.

Fix: Update to version 3.1.2, which patches this vulnerability.

Source: NVD/CVE Database
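The two defects named above, an ordinary early-exit string comparison and no limit on attempts, beside a login check that has neither, as an added example in plain Node.js (not Flowise's code). In production the comparison should be `crypto.timingSafeEqual`; it is written out here so the block runs without imports. The client key, the window, the failure limit and the password are hypothetical; the clock is injectable so the walk-through is deterministic.

```javascript
// Added example, not Flowise's code: the two defects named for checkBasicAuth
// (an ordinary string comparison against the stored password and no limit on
// attempts) beside a check that has neither. In production the comparison
// should be crypto.timingSafeEqual; it is spelled out here so the block runs
// without imports. Client key, window and limits are hypothetical.

// Constant-time equality over UTF-16 code units: the loop always runs the
// length of `expected`, so timing does not reveal where the first mismatch is.
function constantTimeEqual(expected, actual) {
  let diff = expected.length ^ actual.length;
  for (let i = 0; i < expected.length; i++) {
    // modulo keeps the index valid for shorter inputs; a length mismatch has already set diff
    diff |= expected.charCodeAt(i) ^ actual.charCodeAt(i % (actual.length || 1));
  }
  return diff === 0;
}

// Fixed-window failure counter per client (IP, username, or both). `now` is
// injectable so the walk-through below can advance time deterministically.
function createLoginGuard({ maxFailures = 5, windowMs = 60_000, now = Date.now } = {}) {
  const failures = new Map(); // clientKey -> timestamps of recent failures
  function recent(clientKey) {
    const cutoff = now() - windowMs;
    const kept = (failures.get(clientKey) || []).filter((t) => t > cutoff);
    failures.set(clientKey, kept);
    return kept;
  }
  return {
    isLocked: (clientKey) => recent(clientKey).length >= maxFailures,
    recordFailure: (clientKey) => { recent(clientKey).push(now()); },
    reset: (clientKey) => { failures.delete(clientKey); },
  };
}

// VULNERABLE shape: early-exit comparison, no bookkeeping of attempts.
function checkBasicAuthVulnerable(expected, submitted) {
  return submitted === expected;
}

// HARDENED: locked clients are refused before any comparison, failures are
// counted, the comparison is constant-time, and success clears the counter.
function makeCheckBasicAuth(expected, guard) {
  return function checkBasicAuth(clientKey, submitted) {
    if (guard.isLocked(clientKey)) return { status: 429 };
    if (!constantTimeEqual(expected, submitted)) {
      guard.recordFailure(clientKey);
      return { status: 401 };
    }
    guard.reset(clientKey);
    return { status: 200 };
  };
}

// Walk-through with a fake clock: three wrong guesses lock the client, so even
// the correct password is refused until the window passes; another client is unaffected.
function demo() {
  let clock = 0;
  const guard = createLoginGuard({ maxFailures: 3, windowMs: 60_000, now: () => clock });
  const check = makeCheckBasicAuth("s3cret-pass", guard);
  const statuses = [];
  for (const guess of ["admin", "password", "letmein", "s3cret-pass"]) {
    statuses.push(check("10.0.0.7", guess).status);
    clock += 1_000;
  }
  statuses.push(check("10.0.0.8", "s3cret-pass").status); // different client, not locked
  clock += 60_000;
  statuses.push(check("10.0.0.7", "s3cret-pass").status); // window elapsed
  return statuses; // [401, 401, 401, 429, 200, 200]
}
```

Two design notes. The lock is keyed on the client, not on the outcome, which is why the correct password on the fourth attempt is still refused; that is the behaviour that makes an online guessing campaign uneconomic. And the comparison here is against a stored plaintext value only because that is the shape the entry describes; storing a password hash (argon2 or bcrypt) and comparing hashes removes the plaintext from the server altogether.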

NotebookLM’s Gemini 3.5 upgrade adds a cloud computer and help finding sources

info | news | industry | Jun 8, 2026

Google is upgrading NotebookLM, its AI-powered note-taking app, to Gemini 3.5, a newer version of its model that Google says gives more accurate answers. The update lets users start a research project by asking a question; NotebookLM then searches the web for relevant sources instead of requiring the user to import material by hand.

Source: The Verge (AI)

Confidential submission of draft S-1 to the SEC

info | news | industry | Jun 8, 2026

Not an AI/LLM or security item: a corporate legal announcement that the company has confidentially submitted a draft S-1 (the registration statement filed with the SEC, the Securities and Exchange Commission, ahead of a public offering). The company says it expects the filing to leak and is announcing it preemptively while it decides on the timing of an offering.

Source: OpenAI Blog

Microsoft’s AI chief says superintelligence is near, but won’t take your job

info | news | industry | Jun 8, 2026

Microsoft's AI chief Mustafa Suleyman discusses how Microsoft has restructured its AI division to pursue superintelligence (AI that would surpass human capability across all domains) on its own, after an October renegotiation of its OpenAI partnership that lets both companies develop models independently. The interview covers Microsoft's approach to training frontier models (systems at the current limit of capability), the OpenAI relationship, and how AI is perceived by the public and in politics.

Source: The Verge (AI)

MU-MIA: Machine Unlearning for Membership Inference Attacks

info | research (peer-reviewed) | security, research | Jun 8, 2026

Researchers present MU-MIA, a membership inference attack (MIA: a method for deciding whether a given sample was part of a model's training set) that uses machine unlearning (making a model forget specific training samples) as its signal. The attack unlearns each candidate sample, records how the model's behaviour changes during the process, and feeds that sequence to a BiLSTM classifier (a neural network that operates on sequences) to separate training members from non-members.

Source: IEEE Xplore (Security & AI Journals)

Measuring the impact of learning with AI in Sierra Leone and beyond

info | research (industry) | research | Jun 8, 2026

A study in Sierra Leone tested whether Google's Gemini, acting as a tutoring partner rather than a replacement for teachers, could improve students' mathematics learning. The tutor used a Socratic design, asking guiding questions instead of giving answers. Students who used it for eight weeks showed learning gains equivalent to 1.2 to 2.5 years of typical progress, stayed highly engaged, and shifted their own questions toward understanding rather than just obtaining solutions.

Source: DeepMind Safety Research

The Download: how the World Cup ball will fly and OpenAI’s “super app”

info | news | industry, policy | Jun 8, 2026

This newsletter issue covers OpenAI's plan to turn ChatGPT into a "super app" (one application combining many tools and services) before going public, Google's $30 billion deal with SpaceX for AI computing capacity, and the rising energy cost and environmental impact of AI. It also reports on facial recognition tools deployed by immigration enforcement, fears about recursive self-improvement (AI systems improving their own capabilities automatically), and machine learning's use by historians to analyse records, with the bias and error risks that brings.

Source: MIT Technology Review

Anthropic’s Project Glasswing Update

info | news | safety, security | Jun 8, 2026

Anthropic launched Project Glasswing in April to help companies find software vulnerabilities (weaknesses an attacker can exploit) with its AI model; claims that the model outperforms others remain unverified. A status report says the project is finding many vulnerabilities, some of them dangerous, but that almost none have been patched, and Anthropic has not released details of the findings.

Source: Schneier on Security

Why most enterprise security teams would fail a military readiness test

info | news | security, policy | Jun 8, 2026

Most enterprise security teams are unprepared for a real attack because they treat cybersecurity as a compliance obligation rather than an operational capability that needs constant practice. Military units achieve fast, coordinated response through regular realistic exercises and by assuming attacks will happen; businesses rely on an annual tabletop exercise and concentrate on prevention instead of detection, containment and recovery.

Source: CSO Online

15 tough cybersecurity questions every CISO must answer

info | news | security | Jun 8, 2026

The article poses 15 strategic questions that CISOs (chief information security officers) should ask themselves regularly to keep their security programs effective and aligned with the business: how to demonstrate security's value, which critical processes are protected, what a breach would cost, how fast detection happens, and whether the program keeps pace with current threats. Its thesis is that programs must keep adapting, and that in an AI-enabled threat environment the emphasis should move from finding every vulnerability to protecting the most critical business processes and responding to incidents quickly.

Source: CSO Online

OpenAI Rolling Out ChatGPT Account Security Controls

info | news | security | Jun 8, 2026

OpenAI is rolling out two security features for ChatGPT accounts. Lockdown Mode limits outbound network requests so that a prompt injection attack (hidden instructions smuggled into the model's input) has fewer ways to exfiltrate data, at the cost of disabling features such as web browsing and file downloads. Active Sessions shows where an account is signed in and lets the user log out of sessions they do not recognise.

Fix: OpenAI offers two explicit mitigations: (1) enable Lockdown Mode under Settings > Security > Advanced Security to limit outbound network requests during prompt injection attacks, and (2) use Active Sessions under Settings > Security to review and log out of unrecognized sessions. OpenAI also offers Advanced Account Security, which disables password login in favour of physical security keys or passkeys, replaces email/SMS account recovery with backup passkeys and recovery keys, and shortens sign-in sessions to reduce account-takeover risk.

Source: SecurityWeek
