All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
The `kubectl_generic` tool in `mcp-server-kubernetes` accepts any kubectl flags without validation, allowing an attacker to inject flags like `--server=https://attacker.com` and `--insecure-skip-tls-verify=true`. When a privileged operator uses the MCP server and an AI agent follows injected instructions in logs, kubectl sends the operator's Kubernetes bearer token (authentication credential) to the attacker's server, which can then be replayed to gain full cluster access.
Omni (a cluster management tool) creates a resource called ImportedClusterSecrets when importing standalone Talos clusters. This resource contains the CA (certificate authority, the foundational keys that verify identities in a system) secrets for that cluster. If these secrets are not rotated by the user who imported the cluster, any authenticated user with Reader-level access can read this resource and obtain full control over the cluster's Kubernetes, Talos, and etcd APIs, even outside Omni's security controls.
A vulnerability in Omni's CreateSchematic API allows an authenticated Operator (administrator) to perform path traversal (accessing files or endpoints outside the intended directory) on the image-factory server by embedding unsanitized user input into a URL path. An attacker can use sequences like '../' to navigate to unintended endpoints and receive back error messages that may leak sensitive information from the image-factory server.
Omni has a TOCTOU race condition (a timing bug where two operations that should be atomic happen separately, allowing a race between them) in its SAML authentication system. An attacker who intercepts a single-use SAML session token can send multiple concurrent requests with that token, and because the system checks if the token is used and then marks it used in two separate steps rather than one atomic operation, both requests can pass validation, allowing the attacker to authenticate as the victim multiple times.
A weakness was found in thedotmack claude-mem software (up to version 11.0.1) where the computeObservationContentHash function uses weak hash functions (cryptographic methods that are easy to break). The vulnerability can only be exploited by someone with local access to the system, and it requires significant technical skill to carry out an attack.
A vulnerability exists in ONNX MLIR (a tool that converts machine learning models to code) versions up to 0.5.0.0 where the generate_hash_key function uses a weak hash (a simple algorithm for converting data into a fixed-length code that is easy to reverse or predict). The vulnerability requires local access to exploit and is difficult to execute in practice.
Anthropic, an AI company, has filed for an initial public offering (IPO, the process of selling company shares to the public for the first time) with a $965 billion valuation and $47 billion revenue run rate, setting up a major test of whether sky-high valuations for AI companies are justified. Analysts say the key metric determining Anthropic's success won't be its valuation but its gross margin (the percentage of revenue left after paying the costs to provide AI services), which the company has kept secret and will likely reshape how the entire industry is valued. The filing could have major impacts on competitors and how enterprises price AI services going forward.
Claude Code, Anthropic's AI coding assistant, stores OAuth tokens (security credentials that prove access permission) in plaintext in a configuration file, and researchers discovered an attack where malicious npm packages (JavaScript libraries) can silently redirect these tokens to attacker-controlled servers before they reach legitimate services like GitHub or Jira. The attack is difficult to detect because the requests appear legitimate in audit logs, and Anthropic has not released a patch despite knowing about the vulnerability since April.
Anthropic, a US AI company, has proposed that the world consider a temporary pause on AI development and plans to bring together policymakers to discuss the risks of advanced AI. The company released details about its Claude model's progress toward recursive self-improvement (the ability for an AI to automatically create better versions of itself), which AI safety researchers worry could lead to superintelligent AI (an AI system far more intelligent than humans) with potentially serious consequences.
Researchers warn that AI worms (self-replicating malicious programs that can adapt and move between systems on their own) represent a serious upcoming threat to businesses, with these intelligent threats expected to appear within the next year. Unlike traditional worms, these AI-powered versions can learn new environments, find security weaknesses on their own, and spread autonomously.
Anthropic has reportedly deployed engineers to the NSA to help the intelligence agency use Mythos, an AI model designed for cybersecurity tasks. This partnership is noteworthy because the Department of Defense previously banned the NSA from using Anthropic's technology, labeling the company a supply-chain risk after Anthropic refused to allow government use of its models for mass surveillance and autonomous weapons.
OpenAI is using AI models to design its own next models, according to SoftBank CEO Masayoshi Son, which he describes as a step toward "superintelligence" (AI vastly smarter than humans). However, Anthropic warned that this recursive self-improvement (RSI, where an AI system can autonomously design and develop its own successor) could increase risks of humans losing control over AI systems.
Fix: Anthropic stated that a coordinated effort between AI labs to slow down the development of recursive self-improvement technology "would likely be a good thing," though no specific technical fixes or implementation details are provided in the source text.
CNBC TechnologyFix: Upgrading to version 12.0.0 is sufficient to fix this issue. The patch is identified as f32fda8b35e9fe9329f87da65c31149362a03f97.
NVD/CVE DatabaseThe 2026 Verizon Data Breach Investigations Report reveals that attackers are increasingly operating through web browsers, where traditional security tools fail to detect them. Key risks include shadow AI (unauthorized use of services like ChatGPT with corporate data), credential theft in browsers (which accounts for 41% of browser-based attacks but goes undetected by network and endpoint security tools), and malicious browser extensions (13% classified as high or critical risk, often disguised as 'productivity' tools). The report shows that browser-layer attacks are largely invisible to conventional defenses like network proxies and DNS filters, creating a significant detection gap in enterprise security.
Researchers have created a prototype of an AI-powered internet worm, which is malware (malicious software that spreads itself) that carries its own LLM (large language model, a type of AI trained on text data) and runs it on computers it has broken into. This design closely matches the original concept of computer worms from 1975, but now enhanced with AI capabilities.
Fix: Apply patch 72c5187ff6d13c2c2b3d3789b8f5faf99f08a5b4 to resolve this issue.
NVD/CVE DatabaseThis cybersecurity news roundup covers several major threats: attackers are poisoning AI chatbot search results to trick users into downloading malware that hijacks computer power for cryptocurrency mining; the Grandoreiro banking trojan continues targeting financial institutions despite being a decade old; and a ransomware group called The Gentlemen uses self-propagating malware to automatically encrypt entire networks. Additionally, Let's Encrypt is preparing to adopt Merkle Tree Certificates (a more efficient way to batch multiple digital certificates under one signature) to handle the larger file sizes of post-quantum cryptography, with a test environment launching in late 2026.
Fix: Disconnect Automatic Tank Gauge (ATG) systems from the public internet immediately, according to warnings from CISA, the FBI, the NSA, and other US agencies. For post-quantum cryptography concerns, Let's Encrypt plans to launch a staging environment for Merkle Tree Certificates in late 2026, followed by full production rollout in 2027.
SecurityWeekAttackers exploited Meta's AI customer support agent by tricking it into linking Instagram accounts to email addresses they controlled, showing that AI security risks extend beyond sophisticated attacks to simple social engineering exploits. Psychologist Gloria Mark warns that relying on AI chatbots like ChatGPT and Claude may weaken human attention spans, critical thinking, and emotional intelligence by deferring cognitive work to machines.
Despite rapid adoption of AI tools in security operations centers (SOCs, teams that monitor and respond to security threats), only 10% report excellent value from these investments. The problem is structural: most SOCs deploy off-the-shelf AI without customization or best practices, and individual AI tools don't share information with each other, so analysts still face fragmented workflows even though individual tasks run faster.
Attackers exploited Meta's AI customer support agent by simply asking it to link Instagram accounts to email addresses they controlled, allowing them to steal accounts including a high-profile one. The hack shows that while AI security discussions often focus on powerful AI systems attacking computer infrastructure, the real vulnerability here was that the AI agent itself became a target through direct, straightforward manipulation that should have been caught before deployment.
Fix: The source explicitly mentions two mitigations: (1) Companies can use traditional software to build guardrails that make sure agents follow strict rules, such as always asking for answers to security questions before sending sensitive account information to a new email address. (2) Agents should undergo rigorous red-teaming, a process of testing systems by simulating attacks to find vulnerabilities before they're deployed to users.
MIT Technology ReviewAI tools are being sold increasingly on underground ransomware marketplaces, with sales growing from 38 posts in December 2025 to 1,486 in February 2026. These tools include weaponized LLMs (large language models without safety protections), deepfakes for identity fraud, AI-enhanced malware, and stolen AI accounts, making it easier for criminals to launch attacks at scale. The source notes that while criminal security is weaker than it appears and criminals sometimes steal from each other, ransomware attacks have grown 20% since 2023 and become significantly more profitable.
A UK Labour MP has launched a legal case against Elon Musk's company xAI over harmful content created by their Grok AI tool (a chatbot), including fake sexual images and videos of her. Following this test case, other potential victims have contacted her lawyer to pursue similar legal action against the company.