aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6449 items

Homophily Edge Augment Graph Neural Network for High-Class Homophily Variance Learning

inforesearchPeer-Reviewed
research
Dec 5, 2025

Graph Neural Networks (GNNs, machine learning models that work with interconnected data) perform poorly at detecting anomalies in graphs because of high Class Homophily Variance (CHV), meaning some node types cluster together while others scatter. The researchers propose HEAug, a new GNN model that creates additional connections between nodes that are similar in features but not originally linked, and adjusts its training process to avoid generating unwanted connections.

Fix: The proposed mitigation is the HEAug (Homophily Edge Augment Graph Neural Network) model itself. According to the source, it works by: (1) sampling new homophily adjacency matrices (connection patterns) from scratch using self-attention mechanisms, (2) leveraging nodes that are relevant in feature space but not directly connected in the original graph, and (3) modifying the loss function to punish the generation of unnecessary heterophilic edges by the model.

IEEE Xplore (Security & AI Journals)

CVE-2025-12189: The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPres

mediumvulnerability
security
Dec 5, 2025
CVE-2025-12189

A WordPress plugin called 'The Bread & Butter' has a security flaw called CSRF (cross-site request forgery, where an attacker tricks someone into performing an unwanted action on a website) in versions up to 7.10.1321. The flaw exists in the image upload function because it lacks proper nonce validation (a security token that verifies a request is legitimate), allowing attackers to upload malicious files that could lead to RCE (remote code execution, where an attacker runs commands on the website) if they can trick an admin into clicking a malicious link.

The Normalization of Deviance in AI

infonews
safetyresearch

CVE-2025-66479: Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrar

lowvulnerability
security
Dec 4, 2025
CVE-2025-66479

Anthropic Sandbox Runtime is a tool that restricts what processes can access on a computer's filesystem (file storage) and network without needing containers (isolated computing environments). Before version 0.0.16, a bug prevented the network sandbox from working correctly when no allowed domains were specified, which could let code inside the sandbox make network requests it shouldn't be able to make.

v0.14.10

infonews
industry
Dec 4, 2025

Version 0.14.10 of llama-index-core added a mock function calling LLM (a simulated language model that can pretend to execute functions), while related packages fixed typos and added new integrations like Airweave tool support for advanced search capabilities. This is a routine software release with feature additions and bug fixes.

Multivariate Time Series Anomaly Detection Using Learnable Spatial-Temporal Graph Ordinary Differential Equations Network

inforesearchPeer-Reviewed
research

Weighted Threshold Anonymous Credentials With Redactable Fine-Grained Blind Signature for Auditable Lending System in Blockchains

inforesearchPeer-Reviewed
security

Learning Personalized Human Decision Models in Cyber Defense

inforesearchPeer-Reviewed
research

CVE-2025-33211: NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified

highvulnerability
security
Dec 3, 2025
CVE-2025-33211

NVIDIA Triton Server for Linux has a vulnerability where attackers can bypass input validation (improper validation of specified quantity in input) by sending malformed data. This flaw could allow an attacker to cause a denial of service attack (making a system unavailable to legitimate users).

CVE-2025-33201: NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause an improper check for unusual or exc

highvulnerability
security
Dec 3, 2025
CVE-2025-33201

NVIDIA Triton Inference Server has a vulnerability (CVE-2025-33201) where an attacker can send extremely large data payloads to bypass safety checks, potentially crashing the service and making it unavailable to legitimate users (a denial of service attack). The vulnerability stems from improper validation of unusual or exceptional input conditions.

CVE-2025-66404: MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is

mediumvulnerability
security
Dec 3, 2025
CVE-2025-66404

MCP Server Kubernetes (a tool that lets software manage Kubernetes clusters, which are systems for running containerized applications) has a vulnerability in versions before 2.9.8 where the exec_in_pod tool accepts user commands without checking them first. When commands are provided as strings, they go directly to shell interpretation (sh -c, a command processor) without validation, allowing attackers to inject malicious shell commands either directly or through prompt injection (tricking an AI into running hidden instructions in its input).

CVE-2025-66032: Claude Code is an agentic coding tool. Prior to 1.0.93, Due to errors in parsing shell commands related to $IFS and shor

criticalvulnerability
security
Dec 3, 2025
CVE-2025-66032

Claude Code is an agentic coding tool (software that can write and run code automatically) that had a vulnerability before version 1.0.93 where errors in parsing shell commands (instructions to a computer's operating system) allowed attackers to bypass read-only protections and execute arbitrary code if they could add untrusted content to the tool's input. This vulnerability (command injection, or tricking the tool into running unintended commands) had a CVSS score (0-10 severity rating) of 8.7, marking it as high-risk.

CVE-2025-13359: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL

mediumvulnerability
security
Dec 3, 2025
CVE-2025-13359

A WordPress plugin called 'Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI' has a time-based SQL injection vulnerability (a security flaw where attackers can insert malicious database commands through user input) in its "getTermsForAjax" function in versions up to 3.40.1. Authenticated users with contributor-level access or higher can exploit this flaw to extract sensitive information from the website's database because the plugin doesn't properly validate user input before using it in database queries.

CVE-2025-13354: The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization

mediumvulnerability
security
Dec 3, 2025
CVE-2025-13354

A WordPress plugin called AI Autotagger with OpenAI has a security flaw in versions up to 3.40.1 where it fails to properly check if users have permission to perform certain actions. This authorization bypass (a failure to verify that someone is allowed to do something) allows authenticated attackers with basic subscriber-level access to merge or delete taxonomy terms (categories and tags used to organize content) that they shouldn't be able to modify.

Quantum Fourier Transformation and Clifford Gate-Driven Secure Communication Model for Smart Grid Environments

inforesearchPeer-Reviewed
research

Collusion-Resistant and Time-Aware Co-Verification for Edge Data Integrity

inforesearchPeer-Reviewed
security

LibPass: An Entropy-Guided Black-Box Adversarial Attack Against Third-Party Library Detection Tools in the Wild

inforesearchPeer-Reviewed
security

Detecting Stealthy Web Bots: A Behavioral Analysis Framework for OpenWPM Automation

inforesearchPeer-Reviewed
security

v0.14.9

infonews
industry
Dec 2, 2025

LlamaIndex released version 0.14.9 with updates across multiple components, including bug fixes for vector stores (systems that store converted data in a format AI models can search), support for new AI models like Claude Opus 4.5 and GPT-5.1, and improvements to integrations with services like Azure, Bedrock, and Qdrant. The release addresses issues with memory management, async operations (non-blocking code that runs in parallel), and various database connectors.

Population Historical Information-Driven Evolutionary Multitask Neural Architecture Search

inforesearchPeer-Reviewed
research
Previous232 / 323Next
NVD/CVE Database
Dec 4, 2025

The AI industry is gradually accepting LLM (large language model) outputs as reliable without questioning them, similar to how NASA ignored warning signs before the Challenger disaster. This 'normalization of deviance' (accepting behavior that deviates from proper standards as normal) is particularly risky in agentic systems (AI systems that can take independent actions without human approval at each step), where unchecked LLM decisions could cause serious problems.

Embrace The Red

Fix: A patch was released in v0.0.16 that fixes this issue.

NVD/CVE Database
LlamaIndex Security Releases
Dec 4, 2025

This paper presents MAD-ODE, a method for detecting anomalies (unusual behavior) in multivariate time series data (multiple measurements changing over time) from IoT (Internet of Things) devices using Graph Neural Networks (GNNs, which are AI models that process data organized as connected nodes and relationships). The method combines two types of graph structures—one built from prior knowledge about sensor relationships and one learned automatically—along with a special type of neural network that can capture long-range patterns in data over time.

IEEE Xplore (Security & AI Journals)
Dec 4, 2025

This academic paper proposes WTAC (weighted threshold anonymous credentials with redactable fine-grained blind signature), a new privacy system designed for blockchain platforms that need to balance user anonymity with regulatory oversight. The system uses advanced cryptographic techniques (like functional encryption and secret-sharing) to let credential issuers verify certain information about users without seeing their actual data, while keeping the issuer's identity hidden from both users and verifiers. The researchers demonstrate how their system could work in a privacy-preserving lending platform on blockchains and claim their approach is both secure and efficient.

IEEE Xplore (Security & AI Journals)
safety
Dec 4, 2025

This research proposes a method for AI systems to learn and understand the unique decision-making patterns of individual human operators in cyber defense roles, such as their risk tolerance and curiosity levels. Rather than trying to copy what operators do, the approach uses a kernel-based inverse learning framework (a mathematical technique to infer hidden traits from observed behavior) to build personalized models that can provide better guidance and support. The method was tested with 108 participants and showed it can accurately predict individual decision-making styles even with limited data, helping AI assistants adapt their support to different operators while maintaining mission safety.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database
NVD/CVE Database

Fix: Update to version 2.9.8, where this vulnerability is fixed.

NVD/CVE Database

Fix: Update Claude Code to version 1.0.93 or later, where this vulnerability is fixed.

NVD/CVE Database
NVD/CVE Database

Fix: A patch is available. According to the source, users should update to the version fixed in the GitHub commit referenced at https://github.com/TaxoPress/TaxoPress/commit/5eb2cee861ebd109152eea968aca0259c078c8b0.

NVD/CVE Database
Dec 3, 2025

Smart grids (power distribution systems that communicate usage data electronically) currently use classical public-key cryptosystems (encryption methods based on mathematical problems that are hard to solve) to protect power consumption information, but quantum computing threatens to break these systems. This paper proposes QC-EAM, a new security model using quantum encryption and quantum Fourier transformation (a quantum algorithm for processing data) to protect smart grid communications, tested on IBM's quantum computing platform.

IEEE Xplore (Security & AI Journals)
Dec 3, 2025

This research proposes CTCV, a framework to verify that data stored on edge nodes (computers positioned between users and distant servers for faster access) hasn't been corrupted or tampered with. The framework uses blockchain (a distributed ledger technology) to let edge nodes check each other's data integrity without relying on a single trusted auditor, while preventing collusion attacks (where multiple nodes work together to hide data corruption) through careful verification methods and time limits on response times.

IEEE Xplore (Security & AI Journals)
research
Dec 3, 2025

Researchers discovered a serious weakness in tools designed to detect third-party libraries (external code that apps use) in Android applications. They created LibPass, an attack method that generates tricked versions of apps that can fool these detection tools into missing dangerous or non-compliant libraries, with success rates reaching up to 99%. The study reveals that current detection tools are not robust enough to withstand intentional attacks, which puts users at risk since unsafe libraries could hide inside apps.

IEEE Xplore (Security & AI Journals)
Dec 3, 2025

Advanced web bots like OpenWPM (a browser automation tool) can hide their identity and mimic human behavior, making them hard to detect and potentially enabling fraud or data theft. Researchers developed a detection system that analyzes four types of browsing behaviors (mouse movement, clicks, keystrokes, and scrolling) using machine learning classification models to identify these stealthy bots with 98.8% accuracy.

IEEE Xplore (Security & AI Journals)
LlamaIndex Security Releases
Dec 2, 2025

This research presents HIMT-NAS, an improved method for neural architecture search (NAS, the process of automatically designing neural network structures) that handles multiple tasks at once. The new approach tracks historical information about previous network designs across generations to reduce wasted search effort and adjusts how knowledge is shared between different tasks based on their similarity, addressing problems in existing multitask NAS methods.

IEEE Xplore (Security & AI Journals)