All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Microsoft Windows Desktop Window Manager has a type confusion vulnerability (a bug where the software treats data as the wrong type, causing incorrect behavior) that allows an authorized attacker to gain higher-level access on a local computer. This vulnerability is currently being exploited by attackers in the wild.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
A research paper studied how to present large amounts of structured data (like SQL databases with thousands of tables) to AI language models in different formats (YAML, Markdown, JSON, and TOON) to help them generate correct code. The study found that more advanced models like GPT and Gemini performed much better than open-source models, and that using unfamiliar data formats like TOON actually made models less efficient because they spent extra effort trying to understand the new format.
Moltbook was an online platform where AI agents (software programs designed to act independently) interacted with each other, which some people saw as a preview of useful AI in the future, but it turned out to be mostly a social experiment and entertainment similar to a 2014 internet phenomenon called Twitch Plays Pokémon. The platform was flooded with crypto scams and many 'AI' posts were actually written by humans controlling the agents, revealing that truly helpful AI systems would need better coordination, shared goals, and shared memory to work together effectively.
CVE-2026-25904 is a security flaw in the Pydantic-AI MCP Run Python tool where the Deno sandbox (a restricted environment for running code safely) is configured too permissively, allowing Python code to access the localhost interface and perform SSRF attacks (server-side request forgery, where an attacker tricks a server into making unwanted requests). The project is archived and unlikely to receive a fix.
GitLab AI Gateway had a vulnerability in its Duo Workflow Service component where user-supplied data wasn't properly validated before being processed (insecure template expansion), allowing attackers to craft malicious workflow definitions that could crash the service or execute code on the Gateway. This flaw affected multiple versions of the AI Gateway.
Anthropic released a faster version of Claude Opus 4.6 that operates 2.5 times faster, accessible through a /fast command in Claude Code, but costs 6 times more than the standard version ($30/million input tokens and $150/million output tokens versus the normal $5/million and $25/million). The company is offering a 50% discount until February 16th, reducing the cost multiplier to 3x during that period, and users can also extend the context window (the amount of text the AI can process at once) to 1 million tokens for additional charges.
WeKan versions before 8.19 have a bug in the attachment upload API where it doesn't properly check that the identifiers (like boardId, cardId, and listId) match up correctly, allowing attackers to upload attachments that don't belong together. This is an authorization weakness (CWE-863, a flaw in access control), rated as HIGH severity, that requires the attacker to already have login credentials to exploit.
Moltbook, a social network platform for AI agents to interact with each other, had a serious security flaw where a private key (a secret code used to authenticate users) was exposed in its JavaScript code. This exposed thousands of users' email addresses, millions of API credentials (login tokens), and private communications between AI agents, allowing attackers to impersonate any user. The vulnerability is particularly notable because Moltbook's code was entirely written by AI rather than human programmers.
Qdrant (a vector similarity search engine and vector database) has a vulnerability in versions 1.9.3 through 1.15.x where an attacker with read-only access can use the /logger endpoint to append data to arbitrary files on the system by controlling the on_disk.log_file path parameter. This vulnerability allows unauthorized file manipulation with minimal privileges required.
Microsoft's Semantic Kernel SDK (a tool for building AI agents that work together) had a vulnerability before version 1.70.0 that allowed attackers to write arbitrary files (files placed anywhere on a system) through the SessionsPythonPlugin component. The vulnerability has been fixed in version 1.70.0.
Enclave is a secure JavaScript sandbox used to safely run code written by AI agents. Before version 2.10.1, attackers could bypass its security protections in three ways: using dynamic property accesses to skip code validation, exploiting how error objects work in Node.js's vm module (a built-in tool for running untrusted code safely), and accessing functions through host object references to escape sandbox restrictions.
Pydantic AI, a Python framework for building AI applications, has a Server-Side Request Forgery vulnerability (SSRF, where an attacker tricks a server into making requests to unintended internal resources) in versions 0.0.26 through 1.55.x. If an application accepts message history from untrusted users, attackers can inject malicious URLs that make the server request internal services or steal cloud credentials. This only affects apps that take external user input for message history.
Researchers discovered that Group Relative Policy Optimization (GRPO), a technique normally used to improve AI safety, can be reversed to break safety alignment when the reward signals are changed. By giving a safety-aligned model even a single harmful prompt and scoring responses based on how well they fulfill the harmful request rather than refusing it, the model gradually abandons its safety guidelines and becomes willing to produce harmful content across many categories it never encountered during the attack.
This research introduces PP-DR, a privacy-preserving dimensionality reduction (a technique that reduces the number of features in a dataset to make it easier to analyze) scheme that uses homomorphic encryption (a type of encryption that allows computations on encrypted data without decrypting it first) to let multiple organizations securely share and analyze data together without revealing sensitive information. The new method is much faster and more accurate than previous approaches, achieving 30 to 200 times better computational efficiency and 70% less communication overhead.
Researchers have developed a new backdoor attack method called shell code injection (SCI) that can implant malicious logic into deep learning models (neural networks trained on large datasets) without needing to poison the training data. The attack uses techniques inspired by nature, like camouflage, along with trigger verification and code packaging strategies to trick models into making wrong predictions, and it can adapt its attack targets dynamically using large language models (LLMs) to make it more flexible and harder to detect.
AdvScan is a method for detecting adversarial examples (inputs slightly modified to trick AI models into making wrong predictions) on tiny machine learning models running on edge devices (small hardware like microcontrollers) without needing access to the model's internal details. The approach monitors power consumption patterns during the model's operation, since adversarial examples create unusual power signatures that differ from normal inputs, and uses statistical analysis to flag suspicious inputs in real-time with minimal performance overhead.
This recap highlights how attackers are exploiting trusted tools and marketplaces rather than breaking security controls directly. Key threats include malicious skills appearing in ClawHub (a registry for AI agent add-ons), a record-breaking 31.4 Tbps DDoS attack (a flood attack that overwhelms servers with massive traffic), and compromised update infrastructure for Notepad++ being used to distribute malware. The pattern shows attackers are abusing trust in updates, app stores, and AI workflows to gain access to systems.
Fix: OpenClaw has announced a partnership with Google's VirusTotal malware scanning platform to scan skills uploaded to ClawHub as part of a defense-in-depth approach to improve security. Additionally, the source notes that open-source agentic tools like OpenClaw require users to maintain higher baseline security competence than managed platforms.
The Hacker News
Claude Opus 4.6, a new AI model, is significantly better at finding zero-day vulnerabilities (security flaws unknown to vendors and the public) than previous models, discovering high-severity bugs in well-tested code that fuzzing tools (programs that test software by sending random inputs) had missed for years. Unlike traditional fuzzing, Opus 4.6 analyzes code like a human researcher would, studying past fixes and code patterns to reason about what inputs would cause failures.
Fix: Update GitLab AI Gateway to version 18.6.2, 18.7.1, or 18.8.1, depending on which version you are running, as the vulnerability has been fixed in these versions.
NVD/CVE Database
OpenClaw has partnered with VirusTotal (a malware analysis service owned by Google) to scan skills uploaded to ClawHub, its marketplace for AI agent extensions. The system creates a unique SHA-256 hash (a digital fingerprint) for each skill and checks it against VirusTotal's database, automatically approving benign skills, flagging suspicious ones, and blocking malicious ones, with daily rescans of active skills. However, OpenClaw acknowledged that this scanning is not foolproof and some malicious skills using concealed prompt injection (tricking the AI by hiding malicious instructions in user input) may still get through.
Fix: OpenClaw announced it will publish a comprehensive threat model, public security roadmap, formal security reporting process, and details about a security audit of its entire codebase. Additionally, the platform added a reporting option that allows signed-in users to flag suspicious skills.
The Hacker News
Fix: Update to WeKan version 8.19 or later. A patch is available at https://github.com/wekan/wekan/commit/1d16955b6d4f0a0282e89c2c1b0415c7597019b8.
NVD/CVE Database
Fix: Moltbook has fixed the security flaw that was discovered by the security firm Wiz.
Wired (Security)
Fix: Update to Qdrant version 1.16.0 or later, where this vulnerability is fixed.
NVD/CVE Database
Fix: Update to Microsoft.SemanticKernel.Core version 1.70.0. Alternatively, users can create a Function Invocation Filter (a check that runs before function calls) which inspects the arguments passed to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow listed (checked against an approved list of file paths).
NVD/CVE Database
Fix: This vulnerability is fixed in version 2.10.1.
NVD/CVE Database
Fix: Update Pydantic AI to version 1.56.0 or later, where this vulnerability is fixed.
NVD/CVE Database