aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6117 items

CVE-2026-10591 - Kiro IDE Insufficient File Write Restrictions to Execution-Sensitive Paths

high | vulnerability | security
Jun 2, 2026

Kiro IDE (an AI agent that runs on your desktop) has a vulnerability where attackers can trick it into writing files to sensitive locations (such as .vscode/tasks.json, which automatically runs code when you open a folder), allowing them to execute arbitrary commands (run code they choose). This affects all versions before 0.11.

Fix: Update Kiro IDE to version 0.11 or later.

AWS Security Bulletins

Anthropic scales Claude Mythos to critical infrastructure in 15+ countries

info | news | security | industry
Jun 2, 2026

Anthropic is expanding Project Glasswing, an initiative that uses its AI model Claude Mythos to find and fix critical software vulnerabilities (security weaknesses that attackers could exploit), to about 150 new organizations across 15+ countries in critical sectors like power, water, and healthcare. Claude Mythos can identify thousands of zero-day vulnerabilities (security flaws unknown to vendors or the public) in a few weeks, and the company is scaling access because a successful attack on these organizations' code could affect over 100 million people.

TechCrunch (Security)

Why the browser is now the front line for AI security

info | news | security | safety
Jun 2, 2026

AI is making phishing attacks faster and harder to stop, with attackers using AI to quickly create and rotate phishing infrastructure (fake websites designed to steal login information) across multiple channels like email, social media, and search ads, while employees simultaneously adopt unvetted AI tools that expose sensitive data. Traditional security defenses that rely on blocklists and IOC feeds (indicators of compromise, like flagged domain names and IP addresses) are becoming ineffective because phishing pages now appear and disappear in hours, making them essentially zero-day attacks (previously unseen threats) that blocklists cannot catch in time. The article argues that browsers are now the critical security battleground where both attacker delivery and account compromise occur.

BleepingComputer

Anthropic Expanding Mythos Access to 150 New Organizations

info | news | security | industry
Jun 2, 2026

Anthropic is expanding Project Glasswing, a program that uses Claude Mythos (an AI tool for finding security flaws) to help organizations scan their code for vulnerabilities. The initiative is adding roughly 150 new partner organizations from over 15 countries in critical sectors like power, water, and healthcare, after the initial 50 partners identified thousands of vulnerabilities using Mythos.

Fix: Anthropic says Mythos can help with both verification and patching of vulnerabilities. The company is also working with others to 'substantially scale up the reviewing and patching of vulnerabilities in open-source software' and is sharing 'ideas and best practices for disclosing vulnerabilities to open-source maintainers, with the intent of making these reports easier to triage and to act upon.'

SecurityWeek

QS-BTrust: A Quantum-Secure Privacy-Preserving Protocol With Revocation for Trusted Broadcasting in Integrated Vehicular Networks

info | research | Peer-Reviewed | security
Jun 2, 2026

QS-BTrust is a new security protocol designed for Integrated Vehicular Networks (IVNs, which are connected vehicle communication systems) that authenticates broadcast messages while resisting attacks from quantum computers. The protocol combines Physical Unclonable Functions (PUFs, unique digital fingerprints built into hardware), post-quantum digital signatures (cryptographic techniques that remain secure even against quantum computers), and a Hashgraph-based system to verify messages with low overhead and support revoking compromised vehicles without slowing down traffic.

IEEE Xplore (Security & AI Journals)

Human Behavior Anonymization for Secure Teleoperation

info | research | Peer-Reviewed | privacy
Jun 2, 2026

This research addresses a privacy risk in teleoperated robotics (systems where humans remotely control robots by having their movements tracked and converted into robot commands). The problem is that motion-tracking data can leak biometric information (unique physical characteristics) that could allow someone to re-identify the operator. The authors propose using a VAE (variational autoencoder, a type of machine learning model that learns compressed representations of data) to filter out identity-revealing patterns while keeping the motion information needed for the robot to complete tasks.

IEEE Xplore (Security & AI Journals)

Trigger as Entity: Backdoor Attacks to Graph-Based Retrieval-Augmented Generation of Large Language Models

info | research | Peer-Reviewed | security
Jun 2, 2026

Researchers discovered a new security vulnerability in graph-based RAG (retrieval-augmented generation, where an AI system pulls information from external knowledge graphs to answer questions) systems used with large language models. Attackers can poison the external database by inserting hidden triggers and false information into the knowledge graph, causing the AI to give wrong answers when those triggers appear in user queries while still answering normal questions correctly. The attack uses three types of triggers at different complexity levels, from simple words to semantic patterns, and tests showed the attack works across multiple AI systems.

IEEE Xplore (Security & AI Journals)

Gemini Spark is the most impressive and terrifying AI experience I’ve had yet

info | news | industry
Jun 2, 2026

Gemini Spark is Google's new agentic AI (an AI system that can take independent actions to complete tasks) that goes beyond typical chatbots in handling complex requests like trip planning. Unlike previous AI tools that only handle generic travel suggestions, Spark appears to deliver more detailed and personalized results by actively searching multiple sources and creating comprehensive itineraries.

The Verge (AI)

Infected Red Hat npm packages expose developer credentials

info | news | security
Jun 2, 2026

Over 30 Red Hat npm packages (pre-built code libraries) were infected with malware called Miasma, which automatically runs during package installation to steal developer credentials, authentication tokens, and cloud access information. This is a supply chain attack (an attack targeting software dependencies that many organizations trust) using a self-propagating worm based on the Shai-Hulud malware family. The malware was designed to spread further by stealing publishing credentials that could give attackers access to additional repositories and developer accounts.

CSO Online

Alphabet's stock sale, Iran negotiations, Anthropic's IPO plans and more in Morning Squawk

info | news | industry
Jun 2, 2026

This article is a business news roundup covering multiple topics including geopolitical negotiations, stock market movements, and corporate announcements. The only AI-related item is that Anthropic, an AI startup, has confidentially filed paperwork with regulators to prepare for going public (an IPO, or initial public offering, where a private company sells shares to the public), ahead of its rival OpenAI, which is also preparing a similar filing.

CNBC Technology

Travelers deploys AI-powered claims countrywide with OpenAI

info | news | industry
Jun 2, 2026

Travelers Insurance deployed an AI Claim Assistant powered by OpenAI's Realtime API (a system that lets AI have natural voice conversations in real time) to help customers file auto insurance claims after accidents. The assistant guides customers through the claims process 24/7 without wait times, and 85-90% of customers now complete their claims entirely through the AI, freeing human staff to handle more complex cases.

OpenAI Blog

AI to drive up UK youth unemployment, as Alphabet raises $80bn for spending splurge – business live

info | news | industry | policy
Jun 2, 2026

This article covers various economic news topics, including Anthropic's confidential filing for an initial public offering (IPO, a process where a private company becomes publicly traded by selling shares to the public) and a report from the European Central Bank showing that gold has become the world's largest reserve asset for countries, surpassing US government bonds. The shift reflects geopolitical tensions driving central bank demand for gold, though some of the change is due to gold's price increasing significantly in recent years.

The Guardian Technology

Rehumanizing global health care with agentic AI

info | news | industry | safety
Jun 2, 2026

Healthcare providers are increasingly adopting agentic AI (AI systems that can make autonomous decisions and handle complex tasks without human intervention for each step) to automate administrative work and patient scheduling, with over two-thirds of providers already using it. Unlike earlier digital tools that added burden, agentic AI can handle nuanced scenarios by retrieving information from expert sources and iterating over time, freeing clinicians to focus on patient care. At Hospital for Special Surgery, AI agents reduced insurance claim processing from weeks to automated monthly handling of 1,100 claims, and now manage patient scheduling and triage 24/7 through conversational AI.

Fix: For high-stakes AI decisions, the source explicitly describes safeguards at HSS: 'Sensitive, complex, or uncertain scenarios are escalated to human specialists. Every decision made by the AI agent is auditable and human staff can step in at any point.' The source also calls on 'providers to ensure they have these sorts of guardrails embedded into systems' and mentions that HSS uses 'an AI subcommittee' to filter all technology decisions. Additionally, 'Patient data is kept secure and the system is trained on all HSS protocols, policies, and care pathways.'

MIT Technology Review

Attack targeting OpenAI Codex users exposes AI software supply chain risks

high | news | security
Jun 2, 2026

Attackers published a malicious package called codexui-android on npm (a software library distribution platform) that appeared to be a legitimate tool for OpenAI Codex users but secretly stole authentication tokens and sent them to an external server. The attack exploited a supply chain gap where malicious code was hidden in the distributed package but not visible in the public source code repository, allowing the package to reach about 27,000 weekly downloads before detection. Security experts warn this reflects a broader vulnerability in AI software security, where developer tokens provide persistent access to accounts and are increasingly attractive targets as AI tools become widespread.

Fix: A cybersecurity researcher stated that 'enterprises should verify both the provenance of software packages and the consistency between published artifacts and their public source code.' Additionally, organizations should apply 'least-privilege and behavioral monitoring disciplines to AI tools' the same way they do for human user accounts, and maintain 'a complete inventory of what their AI tools can access, what credentials they inherit, and what external services they interact with.'

CSO Online

How small businesses can leverage AI

info | news | industry
Jun 2, 2026

This article describes how small business owners can use AI tools, like Notion AI and Rain, to automate routine administrative tasks such as note-taking, scheduling, invoicing, and inventory management. For example, a tutor uses Notion AI to summarize client meetings and organize teaching materials, while a craft shop uses Rain to generate product descriptions and pricing, reducing listing time by 60 to 80 percent. The article emphasizes that AI works best for repetitive, less creative tasks, though business owners should carefully evaluate costs and whether the tool integrates well with their existing workflow before adopting it.

MIT Technology Review

Advancing youth safety and opportunity through global leadership

info | regulatory | policy | safety
Jun 2, 2026

This text discusses how AI can benefit young people through personalized learning and skill development, but emphasizes that companies must build products with safety safeguards by default rather than relying on parents or students to manage risks alone. OpenAI and other organizations are proposing an international youth safety institute to coordinate ongoing research, standards, and guidance across governments, industry, and civil society to keep AI safe and age-appropriate for young users.

Fix: The source proposes establishing either a new international institute or giving an existing national AI institute a global mandate to share research and guidance. It recommends that companies implement two key practices: (1) use 'effective, privacy-preserving age estimation' to identify minors and apply age-appropriate protections by default, and (2) complete 'annual youth safety risk assessments' and implement safeguards based on identified risks, considering developmental stages and empirical evidence from actual use.

OpenAI Blog

CVE-2026-3198: MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'l

high | vulnerability | security
Jun 2, 2026
CVE-2026-3198

MLflow 3.9.0 with basic authentication has a missing authorization check bug where three Gateway API endpoints (ListGatewaySecretInfos, ListGatewayEndpoints, ListGatewayModelDefinitions) don't validate user permissions properly, allowing any logged-in user to see sensitive information like API keys and model configurations they shouldn't access.

NVD/CVE Database

CVE-2025-48595: Android Framework Integer Overflow Vulnerability

info | vulnerability | security
Jun 1, 2026
CVE-2025-48595 | 🔥 Actively Exploited

Android Framework has an integer overflow vulnerability (a bug where a number becomes too large for its storage space, causing unexpected behavior) that lets an attacker run code locally and gain higher privileges on a device. This vulnerability is currently being exploited by real attackers.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA Known Exploited Vulnerabilities

CVE-2022-0492: Linux Kernel Improper Authentication Vulnerability

high | vulnerability | security
Jun 1, 2026
CVE-2022-0492 | 🔥 Actively Exploited

CVE-2022-0492 is a privilege escalation (gaining unauthorized higher-level access to a system) vulnerability in the Linux Kernel that abuses a feature called cgroups v1 release_agent. This vulnerability is currently being actively exploited by attackers in the wild, making it a serious threat to systems running affected Linux versions.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Consult with specific vendors for information on patching status.

CISA Known Exploited Vulnerabilities

Florida lawsuit accuses OpenAI of ignoring safety warnings and putting children at risk

info | news | safety | policy
Jun 1, 2026

Florida filed a lawsuit against OpenAI and CEO Sam Altman, claiming the company marketed ChatGPT to the public while ignoring safety warnings and concealing serious risks, especially to children. The state alleges OpenAI allowed a dangerous product to reach millions of users. This is the first state-level lawsuit against the AI company in the US.

The Guardian Technology