All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
This cybersecurity news roundup covers several major threats: attackers are poisoning AI chatbot search results to trick users into downloading malware that hijacks computing power for cryptocurrency mining; the Grandoreiro banking trojan continues targeting financial institutions despite being a decade old; and a ransomware group called The Gentlemen uses self-propagating malware to automatically encrypt entire networks. Additionally, Let's Encrypt is preparing to adopt Merkle Tree Certificates (a more efficient way to batch multiple digital certificates under one signature) to handle the larger file sizes of post-quantum cryptography, with a test environment launching in late 2026.
Fix: Disconnect Automatic Tank Gauge (ATG) systems from the public internet immediately, according to warnings from CISA, the FBI, the NSA, and other US agencies. For post-quantum cryptography concerns, Let's Encrypt plans to launch a staging environment for Merkle Tree Certificates in late 2026, followed by full production rollout in 2027.
SecurityWeek
Anthropic, an AI company, has filed for an initial public offering (IPO, the process of selling company shares to the public for the first time) with a $965 billion valuation and a $47 billion revenue run rate, setting up a major test of whether sky-high valuations for AI companies are justified. Analysts say the key metric determining Anthropic's success won't be its valuation but its gross margin (the percentage of revenue left after paying the costs to provide AI services), which the company has kept secret and which will likely reshape how the entire industry is valued. The filing could have major impacts on competitors and on how enterprises price AI services going forward.
Claude Code, Anthropic's AI coding assistant, stores OAuth tokens (security credentials that prove access permission) in plaintext in a configuration file, and researchers discovered an attack where malicious npm packages (JavaScript libraries) can silently redirect these tokens to attacker-controlled servers before they reach legitimate services like GitHub or Jira. The attack is difficult to detect because the requests appear legitimate in audit logs, and Anthropic has not released a patch despite knowing about the vulnerability since April.
A former OpenAI researcher is now leading AI development at Chinese tech company Tencent, aiming to build AGI (artificial general intelligence, or AI with human-level or above capabilities), marking a shift in how Chinese companies approach AI compared to the U.S. Previously, Chinese firms focused on practical applications while U.S. companies pursued AGI, but as China recruits top talent from Silicon Valley, the companies are adopting the same long-term AGI goals. This contrasts with caution emerging in the U.S., where companies like Anthropic are calling for slower AI development due to safety concerns.
OpenAI Atlas versions before 1.2025.288.15 had a security flaw where privileged browser APIs (special functions that control browser features) were exposed to web content on OpenAI domains, and a cross-site scripting vulnerability (a type of attack where malicious code is injected into a website) on forum.openai.com could be exploited to access browser history and control tabs. The vulnerability was caused by improper access control (failing to properly restrict who can use certain functions).
A US Commerce Department report criticizes NIST (National Institute of Standards and Technology) for a growing backlog of unprocessed vulnerabilities in the NVD (National Vulnerability Database, a catalog of known security flaws). The backlog has worsened due to budget cuts, increased vulnerability discoveries from AI tools, and inefficient coordination between NIST and CISA (Cybersecurity and Infrastructure Security Agency), including duplicated work and failure to share data despite having access to the same public information.
CVE-2026-47644 is an injection vulnerability (a flaw where specially crafted input is not properly filtered before being used by another part of the system) in Microsoft Edge's Copilot Chat that allows an attacker to disclose information over a network without authorization. The vulnerability involves improper neutralization of special elements in output, meaning the system doesn't properly clean or validate data before passing it to other components.
CVE-2026-45497 is a command injection (a flaw where special characters in user input are not properly filtered, allowing an attacker to insert and run unintended commands) vulnerability in Microsoft Copilot that lets an authorized attacker execute code over a network. The vulnerability has not yet received a CVSS score (a 0-10 rating of how severe a vulnerability is) from NIST.
CVE-2026-42824 is a command injection vulnerability (a flaw where an attacker inserts malicious commands into user input that gets executed by the system) in Microsoft 365 Copilot that allows an unauthorized attacker to disclose information over a network. The vulnerability stems from improper neutralization of special elements in commands. A CVSS score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.
Attackers exploited Meta's AI customer support agent by tricking it into linking Instagram accounts to email addresses they controlled, showing that AI security risks extend beyond sophisticated attacks to simple social engineering exploits. Psychologist Gloria Mark warns that relying on AI chatbots like ChatGPT and Claude may weaken human attention spans, critical thinking, and emotional intelligence by deferring cognitive work to machines.
Despite rapid adoption of AI tools in security operations centers (SOCs, teams that monitor and respond to security threats), only 10% report excellent value from these investments. The problem is structural: most SOCs deploy off-the-shelf AI without customization or best practices, and individual AI tools don't share information with each other, so analysts still face fragmented workflows even though individual tasks run faster.
Attackers exploited Meta's AI customer support agent by simply asking it to link Instagram accounts to email addresses they controlled, allowing them to steal accounts including a high-profile one. The hack shows that while AI security discussions often focus on powerful AI systems attacking computer infrastructure, the real vulnerability here was that the AI agent itself became a target through direct, straightforward manipulation that should have been caught before deployment.
Fix: The source explicitly mentions two mitigations: (1) Companies can use traditional software to build guardrails that make sure agents follow strict rules, such as always asking for answers to security questions before sending sensitive account information to a new email address. (2) Agents should undergo rigorous red-teaming, a process of testing systems by simulating attacks to find vulnerabilities before they're deployed to users.
MIT Technology Review
AI tools are being sold increasingly on underground ransomware marketplaces, with sales growing from 38 posts in December 2025 to 1,486 in February 2026. These tools include weaponized LLMs (large language models without safety protections), deepfakes for identity fraud, AI-enhanced malware, and stolen AI accounts, making it easier for criminals to launch attacks at scale. The source notes that while criminal security is weaker than it appears and criminals sometimes steal from each other, ransomware attacks have grown 20% since 2023 and have become significantly more profitable.
A UK Labour MP has launched a legal case against Elon Musk's company xAI over harmful content created by their Grok AI tool (a chatbot), including fake sexual images and videos of her. Following this test case, other potential victims have contacted her lawyer to pursue similar legal action against the company.
As AI systems evolve from simple assistants into autonomous agents (AI systems that can make decisions and execute tasks independently), organizations face new security risks because these agents access sensitive systems and data at speeds humans cannot match. The article outlines three principles for secure AI deployment: treat AI agents as privileged identities (accounts with special access permissions) requiring continuous monitoring, secure the entire AI lifecycle from development through production rather than just the initial build phase, and use AI-powered analytics to detect threats in real time across multiple systems.
Fix: Users should upgrade to OpenAI Atlas version 1.2025.288.15 or later, which narrows access to these APIs to only the *.chatgpt.com domain.
NVD/CVE Database
Fix: The report states that 'NIST must improve the efficiency of enrichment processes to ensure sustainability' and notes that 'before system updates and subsequent process changes were completed in March 2025, NIST refused to use CISA's data.' The source indicates technical updates to the NVD system were needed 'to incorporate CISA's enrichment data because the system lacked the capability to attribute data to specific sources,' and these updates were completed in March 2025, allowing NIST to leverage CISA's data to expedite backlog reduction.
CSO Online
SolarWinds Serv-U has a vulnerability that allows attackers to crash the service by sending specially crafted requests with a specific header (Content-Encoding: deflate) without needing to log in first. This flaw is currently being exploited by attackers in the real world.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See SolarWinds security advisories and release notes (Serv-U 15.5.4 Hotfix 1) for specific patching details.
CISA Known Exploited Vulnerabilities
CrowdStrike CEO George Kurtz stated that growing concerns about AI-powered cyber threats are creating business opportunities for his company, as enterprises seek security solutions to safely deploy AI across their organizations. He noted that demand for CrowdStrike's AI Detection and Response platform (a tool that finds and responds to AI-related security attacks) is accelerating, with the company's second-quarter pipeline exceeding $50 million and growing 250% sequentially. Kurtz argued that AI is actually increasing the need for cybersecurity by making attackers more sophisticated, rather than reducing it.
Anthropic co-founder Jack Clark warns that AI is advancing so rapidly it could soon develop without human control, and he calls for a regulatory 'brake pedal' (a way to slow or pause AI progress) to keep society in control of these increasingly powerful systems. He notes that Anthropic's Claude chatbot already writes 80% of its own code, and reaching 100% is possible within two years, which would have major implications for society.
Gartner analysts warn about four critical threats where attackers currently have an advantage, including deepfakes (AI-generated fake videos or images) and prompt injection (tricking an AI by hiding malicious instructions in its input). The analysts are urging organizations to strengthen their security defenses against these emerging threats.
Microsoft's AI Red Team updated their taxonomy of failure modes in agentic AI systems (AI systems that can autonomously perform tasks) from v1.0 to v2.0 based on 12 months of real-world security testing. The update added seven new failure mode categories, including agentic supply chain compromise (injecting malicious instructions into tool registries), goal hijacking (redirecting an agent's objectives through disguised commands), and inter-agent trust escalation (one compromised agent deceiving others about its permissions). The revision was driven by rapid adoption of open-source agentic frameworks, widespread vulnerabilities in tool ecosystems, and the emergence of computer-use agents that interact with graphical interfaces.