All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Researchers propose a generative model for time series (sequences of data points over time) based on Schrödinger bridge, a mathematical technique that uses optimal transport (finding the most efficient way to transform one data distribution into another) to create synthetic time series data. The model estimates unknown functions from real data using nonparametric methods (techniques that don't assume a specific underlying mathematical form) and generates new synthetic samples that preserve the temporal patterns in the original data.
A missing authorization vulnerability (CWE-862, a weakness where the system fails to check if a user has permission to access something) was found in the Recorp AI Content Writing Assistant plugin for WordPress, affecting versions up to 1.1.7. This flaw allows attackers to exploit incorrectly configured access control, meaning they could potentially access features or data they shouldn't be able to reach.
CVE-2025-62116 is a missing authorization vulnerability (a security flaw where the software fails to check if a user has permission to perform an action) in Quadlayers AI Copilot that affects versions up to 1.4.7. The vulnerability allows attackers to exploit incorrectly configured access control security levels, meaning they may be able to access or perform actions they shouldn't be allowed to.
A major copyright case is now before the Supreme Court, asking whether internet service providers (ISPs) must act as copyright enforcers by cutting off users' internet access based on accusations alone. A lower court ruled that ISPs could be held liable for copyright infringement by their customers, which could lead to entire households, schools, and libraries losing internet access due to one person's alleged infringement, especially harming low-income and underserved communities.
A vulnerability in the Linux kernel's TLS (Transport Layer Security, a protocol that encrypts network traffic) implementation could cause threads to hang indefinitely on a lock called tx_lock. An adversarial receiver could keep the RWIN (receive window, which controls how much data can be sent) at 0 for extended periods, preventing a thread holding tx_lock from making progress and potentially blocking it for hours.
A data race vulnerability (a situation where two parts of a program access the same data simultaneously without protection) was found in the Linux kernel's RDMA/irdma driver, where completion statistics were being read and written from different processor cores at the same time. The fix converts the completion statistics into an atomic variable (a thread-safe data type that ensures safe updates across multiple processors), preventing data corruption and compiler optimization issues.
This is a release of llama-index v0.14.12, a framework for building AI applications, containing various updates across multiple components including bug fixes, new features for asynchronous tool support, and improvements to integrations with services like OpenAI, Google, Anthropic, and various vector stores (databases that store numerical representations of data for AI searching). Key fixes address issues like crashes in logging, missing parameters in tool handling, and compatibility improvements for newer Python versions.
The Electronic Frontier Foundation (EFF) received thousands of media mentions in 2025 while advocating for digital civil liberties, particularly regarding surveillance technologies like ALPRs (automated license plate readers, which scan vehicle plates automatically) and police use of doorbell cameras. The organization also pursued lawsuits challenging government data sharing and privacy violations, and spoke out against age-verification laws that threaten privacy and free expression.
LMDeploy is a toolkit for compressing, deploying, and serving large language models (LLMs). Prior to version 0.11.1, the software had an insecure deserialization vulnerability (unsafe conversion of data back into executable code) where it used torch.load() without the weights_only=True parameter when opening model checkpoint files, allowing attackers to run arbitrary code on a victim's machine by tricking them into loading a malicious .bin or .pt model file.
This paper studies how to improve the accuracy of generative models (AI systems that create new data, like images or text) by using knowledge transfer, where a model trained on one task helps train a model on a different task. The researchers introduce a framework based on 'Shared Embedding,' a technique that finds common patterns between different tasks even when their data looks different, and show that this approach improves performance in two types of generative models: diffusion models (which gradually refine random noise into structured outputs) and normalizing flows (mathematical transformations that learn data distributions).
This paper presents a mathematical framework for understanding denoising Markov models (generative models that learn to reverse a noising process to create new data). The authors use concepts from statistical mechanics to establish rigorous rules for how these models work, unifying existing approaches like diffusion models and proposing new variations using different types of mathematical processes.
This research examines Byzantine robust optimization, a technique that protects machine learning systems when data is poisoned (corrupted or maliciously altered) and some workers (computers processing parts of the dataset) behave unpredictably in distributed networks. The study proves that Byzantine-robust approaches provide optimal protection even when facing weaker threats where only local datasets are poisoned, and shows that having some workers with completely corrupted data is more damaging than having workers with partially corrupted data.
This research presents a method for converting large-scale weather predictions into detailed local rainfall forecasts using neural networks and statistical models. The approach works in two steps: first, it uses joint generalized neural models (neural networks that predict the parameters of probability distributions) to estimate rainfall distributions based on coarse weather data, and second, it uses a censored latent Gaussian copula (a mathematical model that captures how rainfall patterns are related across nearby locations) to ensure spatial coherence. The method was tested on UK weather data and performed better than existing techniques.
This research paper analyzes denoising reflected diffusion models, which are a type of generative AI (systems that create new data like images or text). The study shows that reflected diffusion processes (a mathematical technique using boundaries to keep the model's state space bounded) can match theoretical predictions better than standard diffusion models, and provides mathematical proof of how quickly these models converge to accurate results.
This research addresses how stochastic convex optimization (a machine learning technique for finding the best solution by processing data in random batches) can work when key problem parameters are unknown. The authors propose two methods: a model selection technique that prevents overfitting (when an AI learns noise in the validation data instead of real patterns), and a regularization-based approach that estimates unknown parameters to achieve optimal efficiency. Experiments on image classification and shape-counting tasks show these methods help reduce overfitting on small validation sets.
This research studies how to predict whether borrowers on micro-lending platforms (small-loan services) will default (fail to repay their loans) by examining their call activity and social media behavior. The study analyzed over 154,000 loans from Indonesian platforms and found that frequent calls and stable calling patterns suggest lower default risk, while frequent social media activity and stable social media patterns actually indicate higher default risk. These findings suggest that micro-lending platforms could improve their credit assessment models (systems for deciding who gets loans) by combining both types of behavioral data.
This research studied what makes knowledge workers (people whose jobs involve handling information) want to use ChatGPT at work, using technology affordance and constraints theory (a framework explaining how tools enable certain actions while limiting others). The study found that ChatGPT's benefits like automation, information quality, and productivity boost adoption, but concerns about risk and lack of regulation reduce it. Personal innovativeness (how open someone is to new ideas) and supportive workplace culture help workers embrace ChatGPT despite their concerns.
This presentation covers security vulnerabilities found in agentic systems, which are AI agents (systems that can take actions autonomously) that can use computers and write code. The talk includes demonstrations of exploits discovered during the Month of AI Bugs, a security research initiative focused on finding bugs in AI systems.
Fix: Use interruptible sleep where possible and reschedule the work if it can't take the lock. The fix has been applied in multiple kernel commits available at kernel.org (commit hashes: 1f800f6aae57d2d8f63d32fff383017cbc11cf65, 7123a4337bf73132bbfb5437e4dc83ba864a9a1e, bde541a57b4204d0a800afbbd3d1c06c9cdb133f, be5d5d0637fd88c18ee76024bdb22649a1de00d6, ccf1ccdc5926907befbe880b562b2a4b5f44c087, and f3221361dc85d4de22586ce8441ec2c67b454f5d).
NVD/CVE DatabaseFix: Make completion statistics an atomic variable to reflect coherent updates to it. This will also avoid load/store tearing logic bug potentially possible by compiler optimizations.
NVD/CVE DatabaseThis research explores multiresolution learning, a training method where AI models learn from data at multiple levels of detail, starting from very coarse versions and progressively moving to finer ones. The study shows this approach makes deep neural networks (DNNs, which are AI systems with many layers) more robust against noise and adversarial attacks (deliberate attempts to fool the AI) while maintaining accuracy, without requiring extra computing power compared to traditional training methods.
Fix: This issue has been patched in version 0.11.1.
NVD/CVE DatabaseHypergraph Neural Networks (HGNNs, which are AI models that learn from data where connections can link multiple items together instead of just pairs) can be weakened by structural attacks that corrupt their connections and reduce accuracy. HGNN Shield is a defense framework with two main components: Hyperedge-Dependent Estimation (which assesses how important each connection is within the network) and High-Order Shield (which detects and removes harmful connections before the AI processes data). Experiments show the framework improves performance by an average of 9.33% compared to existing defenses.
Fix: The HGNN Shield defense framework addresses the vulnerability through two modules: (1) Hyperedge-Dependent Estimation (HDE) that 'prioritizes vertex dependencies within hyperedges and adapts traditional connectivity measures to hypergraphs, facilitating precise structural modifications,' and (2) High-Order Shield (HOS) positioned before convolutional layers, which 'consists of three submodules: Hyperpath Cut, Hyperpath Link, and Hyperpath Refine' that 'collectively detect, disconnect, and refine adversarial connections, ensuring robust message propagation.'
IEEE Xplore (Security & AI Journals)