aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6114 items

CVE-2026-8653: The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to generic SQL Injection via the 'columns' parameter in
Severity: medium | Type: vulnerability | Tags: security | Date: Jun 3, 2026 | Source: NVD/CVE Database
ID: CVE-2026-8653

The MasterStudy LMS Pro Plus plugin for WordPress has a SQL injection vulnerability (a weakness that lets attackers insert malicious database commands) in the 'columns' parameter, affecting all versions up to 4.8.20. Attackers with instructor-level access or higher can exploit it because of insufficient escaping (failing to neutralize special characters) and the lack of prepared statements (a safer way to build database queries), allowing them to extract sensitive data from the database.

Tech industry wins big in California primary election with millions spent paying off
Severity: info | Type: news | Tags: policy | Date: Jun 3, 2026 | Source: The Guardian Technology

Silicon Valley tech companies spent tens of millions of dollars on California political campaigns to influence candidates and gain regulatory leverage, particularly to fight AI regulation and taxation while promoting AI growth. The tech industry views having favorable candidates in office as essential to maintaining business dominance and avoiding restrictions on its operations.

WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
Severity: high | Type: news | Tags: security, safety | Date: Jun 3, 2026 | Source: The Hacker News

Google Gemini's Android voice assistant could be hijacked through poisoned notifications from apps like WhatsApp or Slack, allowing attackers to manipulate what Gemini says, open windows, fake messages, or launch apps without any malicious software on the phone. The attack worked because the assistant treated hostile notification text as instructions it should follow. Google has already patched the vulnerability, and there is no evidence it was exploited in the wild.

Fix: Google has since patched it.

xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity
Severity: info | Type: news | Tags: safety, policy | Date: Jun 3, 2026 | Source: Wired (Security)

Elon Musk's AI company xAI is asking a court to force four people who claim Grok (an AI chatbot) was used to create sexual deepfake images of them to reveal their real names in a lawsuit, despite their concerns about harassment and privacy. The plaintiffs, currently identified by pseudonyms like "South Carolina Doe," say they have already suffered emotional distress from the deepfakes, including one targeting a child, and fear further harm if their identities become public.

Unveiling the black box: A multi-layer framework for explaining reinforcement learning-based cyber agents
Severity: info | Type: research (Peer-Reviewed) | Tags: research | Date: Jun 3, 2026 | Source: Elsevier Security Journals

This research paper presents a framework for understanding how reinforcement learning-based cyber agents (AI systems trained to make decisions by trial and error in cybersecurity contexts) reach their decisions. The authors developed a multi-layer approach to the "black box" problem (the difficulty of understanding why AI systems reach certain conclusions), which matters because security experts need to verify that these agents are operating correctly and safely.

Labour MP sues Elon Musk's AI company over fake sexualised images
Severity: info | Type: news | Tags: safety, security | Date: Jun 3, 2026 | Source: The Guardian Technology

A UK Labour MP is suing Elon Musk's AI company after its Grok tool (a generative AI chatbot) was used to create non-consensual sexualized images of her, part of a broader problem of fake intimate images being generated and shared on X. The MP described seeing herself depicted in inappropriate ways without permission as deeply violating.

As AI gets better, it reveals an empty promise
Severity: info | Type: news | Tags: safety, privacy | Date: Jun 3, 2026 | Source: The Verge (AI)

Google's new Gemini AI agent, called Spark, demonstrates impressive capability by accessing personal information such as pet names and family members' identities without users explicitly sharing them, raising privacy concerns. The article argues that while AI companies promote these tools as productivity solutions, they may be missing more important societal problems that actually need fixing.

OpenAI CEO Sam Altman to meet with lawmakers, Trump officials in DC
Severity: info | Type: news | Tags: policy | Date: Jun 3, 2026 | Source: CNBC Technology

OpenAI CEO Sam Altman is meeting with U.S. lawmakers and Trump administration officials in Washington, D.C. to discuss a new executive order requiring AI companies to voluntarily give the government access to their models for up to 30 days before release. Altman publicly supports the order, saying it strikes the right balance between developing safe AI models and providing cybersecurity tools to trusted defenders.

Former police officer in hiding after being falsely linked to Henry Nowak arrest
Severity: info | Type: news | Tags: safety, policy | Date: Jun 3, 2026 | Source: The Guardian Technology

A former police officer named Christi Hill was falsely identified on social media and AI platforms, including Grok (an AI chatbot), as being involved in an arrest related to a murder case, forcing her to go into hiding. The false identification spread across multiple platforms, demonstrating how AI systems can amplify misinformation by misidentifying people in real-world situations.

Morgan Stanley will soon open its trillion-dollar wealth management funnel to AI agents
Severity: info | Type: news | Tags: industry | Date: Jun 3, 2026 | Source: CNBC Technology

Morgan Stanley is opening its wealth management platforms (ShareWorks and Equity Edge) to AI agents (autonomous software that can make decisions and take actions without human input) from corporate clients, allowing these agents to access data directly without going through traditional human-focused interfaces. The bank plans to expand this access to 3,400 clients by next year, using the Model Context Protocol (an open-source standard that lets AI models connect to data sources). The move reflects Wall Street's shift toward AI agents handling tasks that software users currently perform manually.

Microsoft and OpenAI broke up — now they're ready to fight
Severity: info | Type: news | Tags: industry | Date: Jun 3, 2026 | Source: The Verge (AI)

Microsoft announced new AI initiatives at its Build conference, including in-house reasoning models (AI systems designed to work through problems step by step) and AI agents (software that can perform tasks autonomously), signaling that it is moving toward independence in the AI market. The company's partnership with OpenAI, which previously dominated Microsoft's AI strategy, effectively ended in late April, though Microsoft still provides cloud computing services (the remote servers that store and process data) to OpenAI.

Martin Scorsese accused of 'throwing artists under bus' with AI storyboards
Severity: info | Type: news | Tags: industry | Date: Jun 3, 2026 | Source: The Guardian Technology

Director Martin Scorsese announced that he has invested in and advises Black Forest Labs, a company that builds text-to-image generative AI (AI that produces images from written descriptions), which he uses to make storyboards (visual plans for film scenes). The decision has drawn backlash from other film industry professionals, though Scorsese defends the practice, saying it helps him communicate his creative vision to actors and crew more quickly.

Meta is trying to sell AI agents to businesses in latest effort to diversify away from ads
Severity: info | Type: news | Tags: industry | Date: Jun 3, 2026 | Source: CNBC Technology

Meta is launching Meta Business Agent, an AI tool that helps businesses of any size respond to customer questions, recommend products, and book appointments through WhatsApp, Messenger, and Instagram. The feature will be available through a paid subscription tier as Meta tries to reduce its dependence on advertising (which currently makes up 98% of its revenue) and compete with other AI companies such as OpenAI and Google.

Introducing new capabilities to GPT-Rosalind
Severity: info | Type: news | Tags: research, industry | Date: Jun 3, 2026 | Source: OpenAI Blog

OpenAI introduced an updated GPT-Rosalind model designed specifically for life sciences research at enterprise scale, combining advanced coding abilities with stronger performance in drug discovery areas such as medicinal chemistry and genomics. The update was evaluated using LifeSciBench, a new benchmark that tests AI performance across six key research workflows, including evidence analysis, scientific reasoning, and experimental design. The content also includes detailed technical feedback on limitations in a micro-dystrophin research study, with specific recommendations for improving experimental methods.

Fix: For the micro-dystrophin expression study's identified problems, the source explicitly recommends: (1) for Western blot quantification, "use a recombinant micro-dystrophin standard and an orthogonal method that distinguishes transgene from endogenous dystrophin, such as targeted mass spectrometry or a transgene-specific/epitope-specific assay"; (2) for immunofluorescence, "repeat IF with an antibody against an epitope present in the transgene but absent from revertant dystrophin" and "quantify transgene-positive fibers separately from revertant fibers"; (3) for surrogate endpoint validity, "empirically validate the relationship between micro-dystrophin mass-percent, sarcolemmal localization, downstream functional restoration, and clinical benefit before treating expression as a surrogate endpoint"; and (4) for biopsy design, use matched bilateral sampling strategies that account for spatial variability and disease progression.

Security of 100 AI Agents Tested and Ranked – What You Need to Know
Severity: medium | Type: news | Tags: security, safety | Date: Jun 3, 2026 | Source: SecurityWeek

A security study of 100 AI agents found that only 11 are both capable and well-defended, and that 98% suffer from the 'lethal trifecta' (private data access, exposure to untrusted content, and the ability to take outbound actions, which together create too much power with too little control). Computer agents and coding agents pose the greatest security risk because they have wide system access and users cannot see or reliably control what actions they actually take between receiving a task and completing it.

Uber Caps Usage of AI Tools Like Claude Code to Manage Costs
Severity: info | Type: news | Tags: industry | Date: Jun 3, 2026 | Source: Simon Willison's Weblog

Uber has implemented a $1,500 monthly spending cap per employee on agentic coding tools (AI systems that can independently write and execute code, such as Claude Code and Cursor) to control costs after exhausting its 2026 AI budget in just four months. The policy limits spending on each tool separately, so an employee can spend up to $1,500 on one tool and another $1,500 on a different tool, which works out to roughly 11% of a typical software engineer's yearly salary in AI tool costs.

Fix: Uber instituted monthly spending limits of $1,500 per employee per AI coding tool. According to the source, these limits 'have been instituted in recent months' and apply specifically to agentic coding software such as Cursor and Claude Code, with separate budgets maintained for each tool.

Malicious Notifications Could Trick Google Gemini Users
Severity: medium | Type: news | Tags: security, safety | Date: Jun 3, 2026 | Source: Dark Reading

Google Gemini's voice assistant had a prompt injection flaw (a vulnerability in which attackers hide malicious instructions in input data) that allowed attackers to embed harmful commands in notifications. This could trick users into performing unwanted actions through social engineering (manipulating people into revealing information or taking harmful actions).

How Wasmer used Codex to build a Node.js runtime for the edge
Severity: info | Type: news | Tags: industry | Date: Jun 3, 2026 | Source: OpenAI Blog

Wasmer engineers used Codex (an AI code generation tool) to build Edge.js, a JavaScript runtime that runs Node.js workloads inside WebAssembly (a low-level code format that runs in sandboxes for security and portability). What would have taken a year to build was completed in two weeks, allowing a small team to tackle a project previously feasible only at large companies.

Microsoft wants to put AI agents on a short leash
Severity: info | Type: news | Tags: security | Date: Jun 3, 2026 | Source: CSO Online

Microsoft has released new security tools to control autonomous AI agents (software programs that can independently take actions such as accessing files and running code) as companies adopt them in development workflows. The main offering is Microsoft Execution Container (MXC), a sandbox (an isolated environment that restricts what a program can do) that lets developers set boundaries on which resources and files agents can access. Microsoft also updated MDASH (a vulnerability research system that uses multiple AI agents to find security flaws) and introduced open-source governance tools to address the risks of agents having too much autonomy.

Fix: Microsoft Execution Container (MXC) is positioned as the primary mitigation. According to the source, "MXC is a sandboxed code execution system for running untrusted code (model output, plugins, tools) on Windows, Linux, and macOS" that "provides multiple containment backends — from OS-native process sandboxes to full VMs — behind a unified JSON configuration schema and TypeScript SDK." The source states MXC is "a policy-driven execution workflow that lets developers specify what an AI agent can access, such as files, networks, resources, credentials, and then enforces those boundaries at runtime." Integration with Agent 365 will bring additional controls from Defender, Entra, Intune, and Purview to agent environments.

France's Macron invites Sam Altman to attend G7, OpenAI tells CNBC
Severity: info | Type: news | Tags: policy, industry | Date: Jun 3, 2026 | Source: CNBC Technology

Sam Altman, CEO of OpenAI, has been invited by French President Macron to attend the G7 conference in June 2026, where AI is expected to be a major topic of discussion. OpenAI plans to focus on youth safety, frontier AI risks (particularly cyber and biological threats), and getting tech companies to make voluntary commitments to responsible AI development. The invitation is part of Macron's broader effort to attract major tech companies and investment to France's AI infrastructure.