All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
OpenAI's frontier models (advanced AI systems) and Codex (a code-writing AI tool) are now available through AWS, Amazon's cloud computing platform. This integration lets companies use OpenAI's AI tools within their existing AWS environments, reducing obstacles related to security reviews, approval processes, and getting AI systems ready for real-world use. Future additions will include Daybreak, a specialized tool designed to help security teams find and fix vulnerabilities in software during development.
Attackers compromised the popular npm package codexui-android (which provides a remote interface for OpenAI Codex, a code-writing AI tool) and embedded malicious code that secretly steals authentication tokens (login credentials) from users and sends them to an attacker-controlled server. The stolen tokens, especially the refresh_token (which never expires), allow attackers to impersonate users indefinitely and access everything their Codex account can do.
Runway, an AI company valued at $5.3 billion that builds world models (AI systems trained on audio, images, video, and real-world data to understand the physical world), is expanding to London with over $200 million in investment by 2028, joining other major U.S. tech companies like OpenAI and Anthropic in establishing European operations. The expansion aims to serve major European clients and tap into London's talent pool for research in world models and video generation tools.
An OS command injection vulnerability (a flaw that lets attackers run arbitrary system commands on the host) was found in the Bash Tool component of chatgpt-on-wechat, affecting versions up to 2.0.8. The flaw lies in the _get_safety_warning function and can be triggered remotely, so an attacker needs no prior access to the affected system. Details have been published, and the vulnerability may be exploited.
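The generic shape of this bug, as an added example that is not chatgpt-on-wechat's code: a tool that splices model- or user-controlled text into one command string and runs it with shell=True is injectable, while an argv list with no shell, plus an allow-list on the argument, is not. The Python interpreter stands in for whatever command the tool wraps so the demo runs without extra tools; the vulnerable path assumes a POSIX sh, and the function names and the payload are my own.

```python
import re
import subprocess
import sys

# Added illustration of OS command injection in a "run a command for the
# model" tool; this is NOT chatgpt-on-wechat's code. The wrapped command is
# the Python interpreter itself (it just prints its argv).
PY = sys.executable


def run_tool_vulnerable(filename: str) -> str:
    """Vulnerable shape: one string built from untrusted input, run via /bin/sh.
    Shell metacharacters in `filename` (; | && $( ) start new commands."""
    cmd = f'{PY} -c "import sys; print(sys.argv[1:])" {filename}'
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_tool_argv_only(filename: str) -> str:
    """First layer of the fix: pass an argv list and never invoke a shell.
    The whole untrusted string reaches the child as a single argument."""
    proc = subprocess.run(
        [PY, "-c", "import sys; print(sys.argv[1])", filename],
        capture_output=True, text=True,
    )
    return proc.stdout


# Second layer: allow-list the argument. No leading '-', so it cannot be
# parsed as an option; no whitespace, quotes or shell metacharacters at all.
_SAFE_ARG = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def run_tool_hardened(filename: str) -> str:
    """argv list, no shell, allow-listed argument, and a timeout."""
    if not _SAFE_ARG.fullmatch(filename):
        raise ValueError(f"rejected argument: {filename!r}")
    proc = subprocess.run(
        [PY, "-c", "import sys; print(sys.argv[1:])", filename],
        capture_output=True, text=True, check=True, timeout=10,
    )
    return proc.stdout


if __name__ == "__main__":
    payload = "report.txt; echo INJECTED"  # constructed attacker-controlled input
    print("vulnerable ->", repr(run_tool_vulnerable(payload)))  # second command ran
    print("argv only  ->", repr(run_tool_argv_only(payload)))   # one literal argument
    try:
        run_tool_hardened(payload)
    except ValueError as exc:
        print("hardened   ->", exc)
```

With the constructed payload the vulnerable path prints the argv list and then a separate INJECTED line from the injected echo; the argv-only path hands the entire string to the child as argv[1], and the hardened path rejects it before anything runs.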
Fashion companies are increasingly using generative AI (machine learning technology that creates new images) to produce digital models and product imagery instead of hiring human models or photographers. One Australian retailer emphasized that AI-generated images should be clearly labeled and show products accurately, while a fashion designer noted that these tools can help small brands work more efficiently while maintaining quality standards.
Researchers discovered Greyvibe, a Russia-aligned crime group that uses large language models (LLMs, AI systems trained to generate text) extensively throughout its cyberattacks against Ukrainian targets, including government and military organizations. The group has used generative AI to create spear phishing emails (fraudulent messages pretending to come from trusted sources), malicious scripts, and custom malware programs like PhantomRelay and LegionRelay (remote access trojans, or RATs, which are tools that let attackers control compromised computers). Greyvibe has conducted multiple campaigns since August 2025 using various attack methods, from fake websites to ClickFix-style attacks (tricks that convince users to run malicious commands on their computers).
A cybersecurity researcher named Nightmare Eclipse and Microsoft had a public conflict over responsible disclosure practices, with the researcher publishing vulnerability details after claiming Microsoft ignored his reports, while Microsoft argued that uncoordinated disclosures (releasing bug information before patches are available) create unnecessary risk for users. Tom Gallagher, a Microsoft security executive, acknowledged the debate over whether current patching practices fit today's landscape but stated the company is not currently changing its policies, though it will continue to evaluate them.
PraisonAI (a framework for building AI agents) versions 4.6.37 and earlier have a vulnerability where hidden metadata in webpages can trick AI agents into writing files to any location on a system. The bug happens because the `write_file` function skips path validation (checking whether a file path is safe) when the workspace parameter is `None`, which is the default in production environments.
PraisonAI's example A2A server (a type of agent-to-agent communication system) has a critical vulnerability where unauthenticated remote clients can execute arbitrary Python code. The vulnerability exists because the example exposes the server without authentication, binds it to all network interfaces (0.0.0.0), and registers a 'calculate' tool that uses Python's eval() function (which executes any code passed to it as a string). An attacker can send a specially crafted request that tricks the AI model into calling this unsafe tool, leading to RCE (remote code execution).
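The eval()-backed tool and a safe replacement, as an added example that is not PraisonAI's code: `calculate_unsafe` has the shape the advisory describes, and `calculate_safe` walks the parsed AST and accepts only numeric literals and arithmetic operators, so there is no name, attribute, call or string for a prompt-injected request to reach. The function names, the depth and exponent limits, and the exception class are my own.

```python
import ast
import operator

# Added illustration, not PraisonAI's code: a 'calculate' tool built on eval()
# next to one built on a restricted AST walk that accepts arithmetic only.


def calculate_unsafe(expression: str):
    """The vulnerable shape from the advisory: eval() runs any Python that the
    model (or whoever steers the model) puts into `expression`."""
    return eval(expression)  # deliberately unsafe, kept for contrast only


class UnsafeExpression(ValueError):
    """Raised for anything other than plain arithmetic."""


_BINOPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_MAX_DEPTH = 50      # assumed limit: bounds recursion on pathological nesting
_MAX_EXPONENT = 64   # assumed limit: bounds CPU/memory spent on huge powers


def _eval_node(node: ast.AST, depth: int = 0):
    if depth > _MAX_DEPTH:
        raise UnsafeExpression("expression nested too deeply")
    # Only numeric literals: no strings (closes 'x'.__class__ tricks), no bools.
    if isinstance(node, ast.Constant):
        if isinstance(node.value, (int, float)) and not isinstance(node.value, bool):
            return node.value
        raise UnsafeExpression(f"disallowed literal: {node.value!r}")
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left = _eval_node(node.left, depth + 1)
        right = _eval_node(node.right, depth + 1)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise UnsafeExpression("exponent too large")
        return _BINOPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_eval_node(node.operand, depth + 1))
    # Everything else (Name, Attribute, Call, Subscript, Lambda, ...) is
    # rejected; that is what closes the __import__('os').system(...) path.
    raise UnsafeExpression(f"disallowed syntax: {type(node).__name__}")


def calculate_safe(expression: str, max_len: int = 200):
    """Evaluate arithmetic only. Suitable to expose as a tool to an LLM."""
    if len(expression) > max_len:
        raise UnsafeExpression("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"not an expression: {exc.msg}") from None
    return _eval_node(tree.body)


if __name__ == "__main__":
    print(calculate_safe("2 + 3 * 4"))                 # 14
    for bad in ["__import__('os').system('id')", "(1).__class__", "2 ** 100000"]:
        try:
            calculate_safe(bad)
        except UnsafeExpression as exc:
            print("rejected:", exc)
```

Note that the same request that makes the model call the tool is still delivered; the difference is that the tool no longer has any capability beyond arithmetic, which is the property a tool exposed to untrusted prompts needs. Authentication and binding to a loopback address are separate fixes for the other two findings in the same advisory.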
PraisonAI has a security vulnerability where unauthenticated users can read any file on the system through multiple handlers like `workflow.show`, `workflow.validate`, and `deploy.validate`. The problem exists because these file-handling tools don't validate or restrict file paths before reading them, and the dispatcher that calls these tools doesn't enforce security checks on incoming requests.
A 2025 report on cybersecurity leadership reveals that many organizations have significant security gaps, with one-third of security leaders saying their data isn't adequately protected and 58% unprepared for cyberattacks. The article identifies six critical gaps, including CISOs viewing security as an IT protection problem rather than a business resilience issue, security teams moving too slowly compared to attackers who exploit vulnerabilities almost immediately, and the challenge of keeping security pace with rapid business changes.
NVIDIA and Check Point are collaborating to develop security tools for large-scale AI systems, including private LLM (large language model) environments and distributed inference systems (where AI models run across multiple computers). As organizations build bigger AI infrastructure with more interconnected components, they need better security to protect sensitive data and prevent unauthorized access across these complex systems.
CrowdStrike is launching AI Discovery and Governance for Falcon for IT to help organizations find and control AI tools across their infrastructure, addressing the risk of shadow AI (unsanctioned AI systems and locally deployed models running without centralized oversight). Shadow AI expands the attack surface because these systems inherit existing permissions and can access data and credentials, but many organizations lack visibility into where AI is running or what it can access. The new capability gives security teams visibility into AI tools, local model runtimes, SDKs (software development kits, code libraries for building applications), and external AI service integrations at the endpoint layer, enabling them to discover, assess, and govern AI use.
Fix: Organizations should use AI Discovery and Governance for Falcon for IT to "identify, assess, and govern AI technologies across enterprise environments" and to "discover AI use, understand associated risk, and take action from the CrowdStrike Falcon platform." The source states that "Falcon for IT enables teams to take direct action at the endpoint and infrastructure layer. They can use it to remove unauthorized software, enforce configurations, remediate system issues, and contain endpoints."
CrowdStrike Blog
Fix (for the chatgpt-on-wechat OS command injection above): upgrade to version 2.0.9, which addresses this issue. The patch is commit 16d9b449c9aa53ccee44144a762a2737d7ba4fc4.
NVD/CVE Database
Oracle WebLogic Server contains an unspecified vulnerability that allows unauthenticated attackers (attackers without login credentials) to gain unauthorized access to sensitive data over the T3 (WebLogic's proprietary RMI protocol) and IIOP (Internet Inter-ORB Protocol, the CORBA standard for distributed systems) network protocols. This vulnerability is being actively exploited in the wild.
Fix: Apply mitigations per vendor instructions from Oracle's security alerts, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See https://www.oracle.com/security-alerts/cpujul2024.html for vendor-specific patches and remediation steps.
CISA Known Exploited Vulnerabilities
Some wealthy tech leaders, including Sam Altman of OpenAI and Elon Musk, are promoting a 'transhuman' vision where humans and AI merge or AI becomes the dominant species. Altman warns that if humans and AI both compete for dominance, conflict could result, while Musk suggests humanity's main purpose is to create advanced digital intelligence.
This article examines how business leaders manage cybersecurity governance (the policies and processes that control how organizations handle security) by interviewing 31 financial sector executives. It identifies three main challenges: unclear responsibility and decision-making authority, misalignment between overall strategy and day-to-day security operations, and confusion about roles and expectations. The authors propose a CROA framework (cybersecurity responsibility, ownership and accountability) along with seven recommendations and a self-assessment tool to help executives strengthen organizational resilience (an organization's ability to withstand and recover from security incidents).
Anthropic published documentation explaining how they use multiple containment techniques to restrict what Claude can do across their products. They use process sandboxes (isolated execution environments), virtual machines (complete simulated computers), filesystem boundaries (limiting file access), and egress controls (preventing unauthorized data transfer) to prevent AI agents from accessing credentials, exfiltrating data (stealing information), or reaching unintended systems, even if a user, the AI model, or an attacker tries to find workarounds.
Fix: Anthropic implements containment with gVisor for Claude.ai, Seatbelt (macOS) and Bubblewrap (Linux) for Claude Code, and full VMs using Apple's Virtualization framework (macOS) or HCS (the Windows Host Compute Service) for Claude Cowork. They also keep credentials out of the sandbox in the first place, so nothing inside it can exfiltrate them however an agent tries to reach them.
Simon Willison's Weblog
Researchers have developed a technique called Model X-Ray that can detect hidden malware embedded in AI model weights (the numerical parameters that make up a trained AI system) using few-shot learning (training a detector with only a small number of examples). This work addresses a security risk where attackers could hide malicious code inside AI models that might go undetected during normal use.
Pope Leo XIV released a major teaching warning about AI's harms, including job displacement, accelerated warfare, and environmental exploitation. Anthropic co-founder Chris Olah spoke at the Vatican ceremony, which some experts criticize as potentially creating superficial 'feelgood' messaging rather than substantive critical examination of AI risks.
Researchers developed a new AI model called a Multi-Frequency Temporal Spatio-Transformer that can detect when attackers try to break into Internet of Things devices (IoT, everyday connected devices like smart home sensors). The model is designed to remain accurate even when attackers deliberately try to fool it using adversarial attacks (techniques that manipulate input data to trick AI systems into making wrong predictions). This research addresses the challenge of keeping IoT network security systems reliable against sophisticated attacks.
Fix (for the PraisonAI `write_file` path-validation bug above): set a default workspace directory and validate that file paths stay within it. The fix involves (1) replacing a `None` workspace with the current working directory using `workspace = os.getcwd()`, and (2) checking that the absolute path stays within the workspace using `is_path_within_directory(abs_path, workspace)` before writing, returning an error if the path is outside the workspace.
GitHub Advisory Database
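Path containment for the `write_file` bug and for the file-read handlers (`workflow.show`, `workflow.validate`, `deploy.validate`) described above, as an added example that is not PraisonAI's code: `is_path_within_directory` is the helper name the advisory mentions, but this implementation, the `PathEscape` class and the read/write wrappers are my own. It applies the stated fix (fall back to `os.getcwd()` when the workspace is `None`, check every path before opening it) and resolves symlinks on both sides, since a plain string-prefix check is defeated by a link inside the workspace that points outside it.

```python
import os
import tempfile

# Added illustration, not PraisonAI's code. `is_path_within_directory` is the
# helper name from the advisory; the implementation here is my own.


class PathEscape(PermissionError):
    """Raised when a requested path resolves outside the workspace."""


def is_path_within_directory(path: str, directory: str) -> bool:
    """True if `path` stays inside `directory` after resolving '..' and
    symlinks. realpath() on both sides matters: a symlink in the workspace
    pointing at /etc would pass a naive startswith() prefix check."""
    real_dir = os.path.realpath(directory)
    real_path = os.path.realpath(path)
    try:
        return os.path.commonpath([real_dir, real_path]) == real_dir
    except ValueError:  # different drives on Windows: cannot be inside
        return False


def resolve_in_workspace(user_path, workspace=None):
    """The advisory's bug: workspace=None (the production default) skipped
    the check. The fix: fall back to the current directory and always check."""
    if workspace is None:
        workspace = os.getcwd()
    # join() discards `workspace` when user_path is absolute, so an absolute
    # path such as /etc/passwd is caught by the containment check below.
    abs_path = os.path.abspath(os.path.join(workspace, user_path))
    if not is_path_within_directory(abs_path, workspace):
        raise PathEscape(f"{user_path!r} resolves outside workspace {workspace!r}")
    return abs_path


def write_file(user_path, content, workspace=None):
    target = resolve_in_workspace(user_path, workspace)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w", encoding="utf-8") as fh:
        fh.write(content)
    return target


def read_file(user_path, workspace=None):
    """Same guard for read handlers (the workflow.show / deploy.validate class
    of bug): validate before open(), in the tool itself, not the dispatcher."""
    target = resolve_in_workspace(user_path, workspace)
    with open(target, encoding="utf-8") as fh:
        return fh.read()


def demo():
    """Exercise the guard in a throwaway workspace; returns the outcomes."""
    ws = tempfile.mkdtemp()
    write_file("notes/a.txt", "hello", workspace=ws)
    outcome = {"read_back": read_file("notes/a.txt", workspace=ws), "blocked": []}
    for bad in ["../../etc/passwd", "/etc/passwd", "notes/../../x"]:  # constructed
        try:
            resolve_in_workspace(bad, workspace=ws)
        except PathEscape:
            outcome["blocked"].append(bad)
    # A symlink inside the workspace that points outside it is also blocked.
    link = os.path.join(ws, "escape")
    try:
        os.symlink(tempfile.gettempdir(), link)
        resolve_in_workspace("escape/x", workspace=ws)
    except PathEscape:
        outcome["blocked"].append("escape/x")
    except OSError:
        pass  # symlink creation not permitted on this platform; skip that case
    # With workspace=None the containment is against the current directory.
    outcome["default_ok"] = is_path_within_directory(resolve_in_workspace("x.txt"), os.getcwd())
    return outcome


if __name__ == "__main__":
    print(demo())
```

The check lives in the tool functions rather than in the dispatcher on purpose: the advisory notes that the dispatcher enforces nothing, and a guard placed only there would be bypassed by any new code path that reaches the handlers directly.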