All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
A sandbox escape vulnerability in nono (a sandboxing tool using Landlock/seccomp, which are Linux security features that restrict what programs can do) allows processes running inside the sandbox to break out by communicating with systemd D-Bus sockets (the inter-process communication system that manages user services). An AI agent or untrusted tool with bash access could exploit this to write files or run commands outside the sandbox with the user's permissions.
Fix: The source states: 'Support for restricting this behavior has since been added and the fix is available in the repository pending release.' However, no specific version number, patch details, or explicit mitigation steps are provided in the text.
GitHub Advisory Database
vLLM version 0.14.1 has a security flaw where a setting called `trust_remote_code` is permanently turned on in two model files, even when users try to turn it off. This allows RCE (remote code execution, where attackers can run harmful code on your computer) through malicious models downloaded from HuggingFace, a popular model repository. This is a partial fix attempt for two earlier vulnerabilities that didn't fully solve the problem.
OpenTelemetry Go's `ParseFile` function has a file descriptor leak (a reference to an open file that is never closed), where each call to parse a schema file leaves the file open in memory. In a long-running application that repeatedly parses schema files, these open files can accumulate until the process runs out of available file descriptors and crashes, causing a denial of service (unavailability).
Geordie, an AI security startup, raised $30 million to expand its platform that helps organizations monitor and control AI agents (AI systems designed to complete tasks independently) deployed across their systems. The platform provides real-time visibility into agent behavior and risks, while its Beam tool uses context engineering (a technique that shapes how AI systems understand and respond to instructions) to constrain agent behavior at scale.
A removed safety check in OpenTelemetry Go's baggage parsing (the mechanism for passing contextual data between services) allows attackers to send extremely large or malformed baggage headers that consume excessive CPU and memory while being fully processed and logged, creating a denial-of-service vulnerability. The parser no longer rejects oversized inputs upfront and instead processes every invalid member completely, sending errors to the logging system by default.
Anthropic is releasing Claude Opus 4.8, a new AI model designed to be more 'honest' by better recognizing when it doesn't have enough information to answer confidently. The model addresses a common problem where AI systems make unsupported claims (stating things as fact without solid evidence), and early testers found that Opus 4.8 is about 4 times less likely to do this compared to its predecessor.
Apple is planning a major redesign of Siri, its voice assistant, for iOS 27, which may feature a ChatGPT-like chat interface. The redesign shows a pill-shaped chat bubble that appears from the Dynamic Island (the notch area on iPhones) with options to choose between Ask, Siri, and ChatGPT, though Apple has not officially confirmed these details and the final design may differ.
Wassym Bensaid, Rivian's chief software officer, leads both Rivian's internal software development and RV Tech, a joint venture with Volkswagen that builds the operating system and electrical architecture for future electric vehicles from Volkswagen Group brands. Rivian recently launched an AI-powered voice assistant in its R1 vehicles and is preparing to release the R2, the first car built on the new shared architecture developed through the joint venture. The article discusses how Rivian is moving toward AI-powered, agent-like software platforms in cars while reducing reliance on traditional physical controls and Apple CarPlay integration.
This bulletin covers multiple security incidents including a privilege escalation flaw in Azure Backup for AKS (a Kubernetes container management system) with a CVSS score of 9.9, a massive network of 1,350 command-and-control servers (systems attackers use to control compromised computers) discovered across Middle Eastern infrastructure providers, and a supply chain attack on DAEMON Tools software where attackers compromised legitimate signed binaries (executable files verified as authentic). The incidents highlight ongoing vulnerabilities in cloud services, infrastructure, and software distribution systems.
Attackers are increasingly using AI agents (autonomous software that can act independently) to find and exploit security vulnerabilities much faster than before, with the time from a vulnerability becoming public to actual attacks dropping from 2.3 years in 2018 to about 10 hours in 2026. Organizations continue to suffer breaches due to common problems like misconfigurations (incorrect security settings), unpatched systems (software without the latest security fixes), and identity sprawl (too many user accounts and access permissions), not because they lack awareness of these issues but because fixing them at scale is difficult.
Endava, a software contracting firm, uses Codex (an AI tool for code generation and software development) to transform into an 'agentic organization' where AI agents work alongside teams throughout project lifecycles. The tool enables small teams to deliver large amounts of work faster by codifying senior expertise into guidance for junior developers, compressing weeks of sequential analysis and design work into days, and improving knowledge transfer across the organization.
CVE-2026-46236 is a vulnerability in the Linux kernel's Xbox remote driver where a DMA (direct memory access, a way hardware directly reads/writes system memory) buffer was incorrectly placed inside a device structure, violating DMA coherency rules that ensure data stays consistent between the CPU and hardware. The fix involves moving this buffer to a separate location outside the device structure to comply with DMA requirements.
A vulnerability in the Linux kernel's graphics driver (drm/xe) causes a memory leak when allocating GPU buffer objects fails. Specifically, when drm_gpuvm_resv_object_alloc() encounters an error, the pre-allocated storage buffer object (bo, a chunk of GPU memory) is not properly freed, wasting memory resources.
A bug in the Linux kernel's Apple keyboard driver caused the system to crash when trying to lock a mutex (a synchronization tool that prevents simultaneous access to shared resources) from unsafe contexts like interrupt handlers. The driver was trying to dim the keyboard backlight from both a timer callback and event handlers, which run in atomic context (where blocking operations aren't allowed), triggering a "sleeping function called from invalid context" error.
Nebius, a cloud provider that supplies GPUs (graphics processing units, the specialized chips used to train AI models), saw its stock rise after a hedge fund founded by a former OpenAI researcher disclosed a 5.6% ownership stake in the company. Nebius has become a major provider of AI computing infrastructure in Europe, recently securing major partnerships including a $27 billion deal with Meta and a $2 billion investment from Nvidia.
GreyVibe is a Russia-linked hacking group that uses AI tools like ChatGPT and Google Gemini across all stages of attacks, from creating fake websites to building custom malware, targeting Ukrainian military and government entities since August 2025. Although the group appears less sophisticated than elite state actors (evidenced by design flaws in their AI-generated malware and casual naming conventions), they leverage AI to operate at a much higher capability level than their technical skill would normally allow. Researchers expect GreyVibe's AI expertise and attack complexity to continue increasing over time.
AI agents (AI systems that can take actions by using external software tools) aren't inherently dangerous, but the risk comes from how they're set up and deployed in organizations. The main concern is the overlap between what the AI can do and what tools it has access to, which can create security vulnerabilities if not managed carefully.
Fix: For the Azure Backup for AKS vulnerability: Microsoft has patched the flaw and enforced additional validation checks that did not exist in March 2026. For the DAEMON Tools supply chain attack: CISA requires Federal Civilian Executive Branch agencies to apply necessary fixes by May 30, 2026, and the incident is tracked as CVE-2026-8398.
The Hacker News
A LayerX Security report shows that enterprise AI risk is not spread evenly across workers but is concentrated among a small group of "power users" (employees who use AI much more frequently and deeply than average) and a few dominant platforms like ChatGPT and Copilot. While most employees use AI casually, the top 5% of users generate far more AI conversations and sensitive data exposure, and AI tools are fragmenting across many unmanaged platforms like personal accounts and browser extensions, making it hard for organizations to see and control where their data goes.
Organizations are rapidly adopting AI agents (autonomous systems that can execute tasks and make decisions without human intervention), but this creates serious security risks that traditional defenses cannot match. Threat actors are developing agentic attacks (cyberattacks powered by AI that learn and adapt autonomously) that move faster than human security teams can respond, while AI agents themselves lack the judgment to avoid harming their own enterprises. The security industry must evolve from manual fixes to automated, scaled remediation strategies to defend against machine-speed attacks.
Fix: The vulnerability was resolved in the Linux kernel through commits available at: https://git.kernel.org/stable/c/0bd8ac88ec5f74cd0f4b8cfc54f4cc0827007249, https://git.kernel.org/stable/c/0cc9251833bf02c8c7863404157c94dab5928fcf, https://git.kernel.org/stable/c/48a668c22e8f92637bc496e84d1cf06900f74a5c, https://git.kernel.org/stable/c/63a960b39de9c51f29ca19aa5067934f865c0bc7, and https://git.kernel.org/stable/c/e280d1e5e3f2595bbb43fe6e1bce00c59a43c0ff. Users should update their Linux kernel to a version containing one of these commits.
NVD/CVE Database
Fix: Add xe_bo_free(storage) before returning the error in xe_dma_buf_init_obj(). Additionally, add comments documenting ownership semantics to clarify that on success, ownership transfers to the returned drm_gem_object, and on failure, storage is freed before returning. This fix was applied in commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9.
NVD/CVE Database
Fix: The fix converts the inactivity timer from a struct timer_list to a struct delayed_work (a mechanism that schedules code to run safely in process context), and adds a dedicated struct work_struct restore_brightness_work. This allows backlight_device_set_brightness() calls to happen in process context where mutex_lock() is legal. Both works are cancelled synchronously during driver tear-down.
NVD/CVE Database
Many organizations are deploying AI agents (autonomous software systems that make decisions with minimal human oversight) without proper observability (visibility into how they work) or governance processes, creating serious risks. The article highlights that 54% of surveyed organizations cannot fully trace what their agents are doing, and traditional security tools were designed to detect human anomalies rather than rogue agents, making them ineffective for agent monitoring.
Fix: According to the source, organizations should implement: least-privilege scoped tool permissions (limiting what actions agents can perform), policy enforcement layers that review every prompt and tool call, end-to-end tracing (detailed logs that record prompts, tool calls, and downstream actions), and tiered autonomy (giving agents free rein on low-stakes tasks while requiring human approval for consequential decisions). The source also emphasizes that organizations need centralized agent inventory and governance layers, and must collect detailed execution traces to enable transparency and make governance signals actionable.
CSO Online