aisecwatch.com
DashboardVulnerabilitiesNewsResearchArchiveStatsDatasetFor devs
Subscribe
aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

VulnerabilitiesNewsResearchDigest ArchiveNewsletter ArchiveSubscribeData SourcesStatisticsDatasetAPIIntegrationsWidgetRSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

to
Export CSV
6498 items

CVE-2025-27032: memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache

highvulnerability
security
Sep 24, 2025
CVE-2025-27032

CVE-2025-27032 is a memory corruption bug in Qualcomm systems that occurs when a PIL authenticated VM (a virtual machine protected with Qualcomm's authentication system) is loaded without maintaining cache coherency (keeping copies of data in different storage locations synchronized). This vulnerability allows improper access to memory regions that should be protected.

NVD/CVE Database

AI Safety Newsletter #63: California’s SB-53 Passes the Legislature

inforegulatory
policy
Sep 24, 2025

California's legislature passed SB-53, the 'Transparency in Frontier Artificial Intelligence Act,' which would make California the first US state to regulate catastrophic risk (foreseeable harms like weapons creation, cyberattacks, or loss of control that could kill over 50 people or cause over $1 billion in damage). The bill requires developers of frontier AI models (large, cutting-edge AI systems) to publish transparency reports on their systems' capabilities and risk assessments, update safety frameworks yearly, and report critical safety incidents to state emergency services.

RDSAD: Robust Threat Detection in Evolving Data Streams via Adaptive Latent Dynamics

inforesearchPeer-Reviewed
research

OCEAN: Optional Capability-Based En Route Acknowledgement in Network Layer

inforesearchPeer-Reviewed
security

Anti-Spoofing and Mask-Supported Face Authentication Using mmWave Without On-Site Registration

inforesearchPeer-Reviewed
security

Privacy-Preserving Automated Deep Learning for Secure Inference Service

inforesearchPeer-Reviewed
security

Forseti: A Decentralized Permission Transfer Framework for IoT Leasing

inforesearchPeer-Reviewed
security

Charging Into Your Privacy: Indirect Privacy Leakage Attack Using a Laptop Charger

inforesearchPeer-Reviewed
security

Supply chain attacks are exploiting our assumptions

infonews
security
Sep 24, 2025

Modern software development relies on implicit trust assumptions when installing packages through tools like cargo add or pip install, but attackers are systematically exploiting these assumptions through supply chain attacks (attacks that compromise software before it reaches developers). In 2024 alone, malicious packages were removed from package registries (centralized repositories for code), maintainers' accounts were compromised to publish malware, and critical infrastructure nearly had backdoors (hidden access points) inserted. Traditional defenses like dependency scanning (automated checks for known security flaws) only catch known vulnerabilities, missing attacks like typosquatting (creating packages with names similar to legitimate ones), compromised maintainers, and poisoned build pipelines (the automated systems that compile and package code).

CVE-2025-6921: The huggingface/transformers library, versions prior to 4.53.0, is vulnerable to Regular Expression Denial of Service (R

highvulnerability
security
Sep 23, 2025
CVE-2025-6921

The huggingface/transformers library before version 4.53.0 has a vulnerability where malicious regular expressions (patterns used to match text) in certain settings can cause ReDoS (regular expression denial of service, a type of attack that makes a system use 100% CPU and become unresponsive). An attacker who can control these regex patterns in the AdamWeightDecay optimizer (a tool that helps train machine learning models) can make the system hang and stop working.

Toward Resisting Black-Box Attacks: A Robust Coverless Image Steganography Based on Hierarchical CID and Dual SIFT

inforesearchPeer-Reviewed
research

OptiVersa-ECDSA: Fast Threshold-ECDSA With Cheater Identification for Blockchains

inforesearchPeer-Reviewed
research

Cancelable Biometrics and Quantum-Resistant Two-Factor Authenticated Key Agreement for Mobile Device

inforesearchPeer-Reviewed
security

Meet Trick With Trick: Revealing Collusion Intentions in Highly Concealed Poisoning Behavior

inforesearchPeer-Reviewed
security

CVE-2025-59532: Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox conf

highvulnerability
security
Sep 22, 2025
CVE-2025-59532

Codex CLI (a coding tool from OpenAI that runs on your computer) versions 0.2.0 to 0.38.0 had a sandbox bug that allowed the AI model to trick the system into writing files and running commands outside the intended workspace folder. The sandbox (a restricted area meant to contain the tool's actions) wasn't properly checking where it should allow file access, which bypassed security boundaries, though network restrictions still worked.

CVE-2025-59434: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Host

criticalvulnerability
security
Sep 22, 2025
CVE-2025-59434

Flowise is a tool with a visual interface for building customized AI workflows. Before August 2025, free-tier users on Flowise Cloud could access sensitive secrets (like API keys for OpenAI, AWS, and Google Cloud) belonging to other users through a Custom JavaScript Function node, exposing data across different user accounts. This cross-tenant data exposure vulnerability has been patched in the August 2025 update.

CVE-2025-59528: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vu

criticalvulnerability
security
Sep 22, 2025
CVE-2025-59528EPSS: 83.0%

Flowise version 3.0.5 has a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its CustomMCP node. When users input configuration settings, the software unsafely executes the input as JavaScript code using the Function() constructor without checking if it's safe, allowing attackers to access dangerous system functions like running programs or reading files.

CVE-2025-59527: Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side

highvulnerability
security
Sep 22, 2025
CVE-2025-59527

Flowise version 3.0.5 contains a Server-Side Request Forgery vulnerability (SSRF, a flaw that lets attackers trick the server into making requests to internal networks on their behalf) in the /api/v1/fetch-links endpoint, allowing attackers to use the Flowise server as a proxy to access and explore internal web services. This vulnerability was patched in version 3.0.6.

A Self-Supervised Learning Framework for Soft Robot Proprioception

inforesearchPeer-Reviewed
research

CVE-2025-10772: A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown function

mediumvulnerability
security
Sep 22, 2025
CVE-2025-10772

A vulnerability (CVE-2025-10772) was found in huggingface LeRobot versions up to 0.3.3 in the ZeroMQ Socket Handler (a tool for sending messages between programs), which allows attackers to bypass authentication (verification of who you are) when accessing the system from within a local network. The vendor was notified but did not respond with a fix.

Previous246 / 325Next

Fix: SB-53 itself is the mitigation strategy described in the source. The bill requires frontier AI developers to: publish a frontier AI framework detailing capability thresholds and risk mitigations; review and update the framework annually with public disclosure of changes within 30 days; publish transparency reports for each new frontier model including technical specifications and catastrophic risk assessments; share catastrophic risk assessments from internal model use with California's Office of Emergency Services every 3 months; and refrain from misrepresenting catastrophic risks or compliance with their framework.

CAIS AI Safety Newsletter
security
Sep 24, 2025

RDSAD is an AI-based security system designed to detect cyberattacks on Cyber-Physical Systems (CPSs, which are machines that combine physical equipment with software to automate industrial processes). The system works without manual labeling and uses two techniques: one to understand how the system normally behaves, and another to adapt when patterns change, helping it catch attacks while avoiding false alarms.

IEEE Xplore (Security & AI Journals)
Sep 24, 2025

OCEAN is a security system designed for Industrial IoT (the use of connected devices in factories and industrial settings) that aims to prevent packet loss (data getting dropped during transmission) while keeping data transmission fast and secure. It uses specialized hardware (an ASIC and FPGA, which are types of programmable computer chips) combined with a network protocol (set of rules for how data moves between devices) that verifies packets at each hop and caches (temporarily stores) them until receiving confirmation they arrived safely.

IEEE Xplore (Security & AI Journals)
Sep 24, 2025

This research presents mmFace, a face authentication system that uses millimeter wave radar (mmWave, radio signals that can penetrate materials and detect fine details) instead of cameras to verify a person's identity while resisting spoofing attacks (fake faces or replayed recordings). The system works even when users wear masks because mmWave signals can pass through them, and it uses techniques like liveness detection (checking that a face is real and alive) and amplitude modulation-based methods to prevent attackers from fooling it with fake faces or recorded videos.

IEEE Xplore (Security & AI Journals)
privacy
Sep 24, 2025

This research proposes 2PCAutoDL, a system for automatically designing deep neural networks (DNNs, which are AI models with many layers) while keeping data and model designs private by splitting computations between two separate cloud servers. The system balances security and speed by using specialized protocols (step-by-step procedures) for different types of network layers, achieving significant speedups compared to existing approaches while maintaining similar model accuracy.

IEEE Xplore (Security & AI Journals)
Sep 24, 2025

IoT devices used in rental situations like Airbnbs need secure ways to transfer permission (access rights) from owners to renters, but current systems don't properly prevent problems like a malicious owner keeping camera access after handing it over. Forseti is a new authorization framework that uses zero-knowledge proof (a cryptographic method proving something is true without revealing the details) and a decentralized ledger (a shared, distributed record not controlled by any single party) to protect both owners' and renters' control over devices during permission transfers.

Fix: The source presents Forseti as a proposed solution framework that 'leverages zero-knowledge proof and a decentralized ledger to ensure that the rights of both hosts and tenants are not violated.' However, the source does not describe a specific implementation step, patch, update, or deployment procedure that users can apply.

IEEE Xplore (Security & AI Journals)
Sep 24, 2025

Researchers discovered a side-channel attack (a method of extracting secret information by analyzing physical properties like power usage rather than breaking encryption directly) called PrivateCharger that can infer what a user is doing on their laptop by analyzing magnetic field signals from the laptop charger from a distance. The attack works with commercially available equipment, requires no physical access to the laptop, and achieved 84.6% accuracy at certain battery levels, revealing that everyday peripherals can leak private information in ways previously not considered.

IEEE Xplore (Security & AI Journals)
Trail of Bits Blog

Fix: Update to huggingface/transformers version 4.53.0 or later.

NVD/CVE Database
Sep 23, 2025

This research paper presents a new method for coverless image steganography (CIS, a technique to hide secret information inside images without visibly altering them), designed to resist black-box attacks (attacks where an attacker can't see how the system works, only its outputs). The method uses SIFT (Scale-Invariant Feature Transform, an algorithm that identifies distinctive points in images), to create a dataset and mapping structure that hides data more securely and with greater capacity than previous CIS methods.

IEEE Xplore (Security & AI Journals)
Sep 23, 2025

OptiVersa-ECDSA is a new cryptographic protocol that improves threshold-ECDSA (a method where multiple parties must cooperate to sign blockchain transactions securely). The protocol uses novel techniques called verifiable secret-product sharing (VSPS, a way to distribute and verify secret values) to achieve 35-65% faster performance and 99% improvement in cheater identification compared to previous approaches, making it practical for real-time blockchain use.

IEEE Xplore (Security & AI Journals)
Sep 23, 2025

This paper proposes CQT-AKA, a security method for mobile devices that combines cancelable biometrics (fingerprints or facial features that can be regenerated if compromised) with quantum-resistant encryption (protection against future powerful computers) to securely exchange encryption keys between devices. The approach is more secure than traditional methods that rely on passwords or smart cards alone, and it works well on resource-limited devices because it requires less storage and computing power.

IEEE Xplore (Security & AI Journals)
research
Sep 23, 2025

Recommender systems (platforms that suggest products or services to users) are vulnerable to data poisoning attacks (malicious manipulation of the data the system learns from to make it behave incorrectly). This paper presents METT, a detection method that identifies these attacks even when they are carefully hidden or small-scale, using techniques like causality inference (analyzing cause-and-effect relationships in user behavior) and a disturbance tolerance mechanism (a way to distinguish real attack patterns from false alarms).

IEEE Xplore (Security & AI Journals)

Fix: Update to Codex CLI 0.39.0 or later, which fixes the sandbox boundary validation. The patch now checks that the sandbox boundaries are based on where the user started the session, not on paths generated by the model. If using the Codex IDE extension, update immediately to version 0.4.12. Users on 0.38.0 or earlier should update via their package manager or reinstall the latest version.

NVD/CVE Database

Fix: Update to the August 2025 Cloud-Hosted Flowise version or later, which includes the patch for this vulnerability.

NVD/CVE Database

Fix: This issue has been patched in version 3.0.6.

NVD/CVE Database

Fix: Update to version 3.0.6, which contains the patch for this vulnerability.

NVD/CVE Database
Sep 22, 2025

This research presents a self-supervised learning (SSL, a training method where an AI learns patterns from unlabeled data without human annotations) framework to help soft robots understand their own body position and movement. The key innovation is that the approach uses large amounts of unannotated data to train an initial model, then fine-tunes it with just a small set of labeled examples, requiring only about 5% of the annotated data that traditional supervised learning methods need while achieving better results.

IEEE Xplore (Security & AI Journals)
NVD/CVE Database