All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Robinhood has launched a feature allowing traders to create separate accounts for AI agents (software programs that can make decisions automatically) with dedicated funds to buy and sell stocks. The feature is designed to automate investment decisions like monitoring specific industries or rebalancing portfolios, but Robinhood warns that agentic trading carries significant risk, including potential loss of the entire investment.
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.0 contain a denial-of-service vulnerability (an attacker makes the system unavailable to legitimate users, for example by overwhelming it with requests). The root cause is uncontrolled resource consumption: the system does not limit how much memory, CPU, or other resources a single request can use.
IBM Langflow OSS (open-source software) versions 1.0.0 through 1.9.1 contain a vulnerability that could allow remote code execution (running malicious code on a system from a distance) because symbolic links (shortcuts that point to files) are not properly validated when archive files are extracted. This is a path traversal (CWE-22) weakness, meaning a crafted archive could cause files outside the intended extraction directory to be accessed or executed.
A vulnerability in the Linux kernel's igorplugusb driver (a USB remote control device) allows unsafe memory access because the USB request structure was not allocated according to DMA coherency rules (memory access safety requirements that apply when hardware accesses system memory directly). The fix allocates the USB request structure separately so that it complies with those coherency requirements.
SecurityWeek is hosting the 2026 AI Risk Summit on August 11-12 in Half Moon Bay, California, bringing together security leaders, AI researchers, and policymakers to discuss challenges in AI adoption and security. The conference will cover topics like securing AI systems, adversarial attacks (techniques where attackers try to fool AI models), deepfakes (AI-generated fake media), data protection in AI workflows, and AI governance and compliance.
Pope Leo XIV released an encyclical letter called Magnifica Humanitas warning that AI is not just a technical tool but a system that affects people's rights, opportunities, and freedom when used in processes impacting human lives. The letter was created in partnership with Anthropic, a major AI company, and sparked various reactions from the tech industry.
Cisco partnered with OpenAI to integrate Codex (an AI code generation tool) directly into their enterprise software engineering workflows, treating it as an AI teammate rather than just a developer productivity tool. By using Codex in production environments, Cisco accelerated development on products like AI Defense (a security solution protecting against AI-related risks), compressing work that normally takes quarters into just weeks, while also automating large-scale defect repairs and build optimization across interconnected code repositories.
SymJack is an attack that exploits AI coding agents by tricking them into inserting malicious code into software projects through disguised symlinks (shortcuts that point to files). The attacker controls a code repository and hides malicious instructions in an innocent-looking file request, which the AI agent approves and executes without the developer realizing what's happening, potentially stealing credentials or compromising production systems.
An analysis suggests that parts of Pope Leo XIV's encyclical (a formal letter from the Pope) about AI's dangers may have been written by AI itself, with some sections scoring 40-100% AI-generated according to Pangram, an AI detection tool. The document shows linguistic patterns common in AI writing, such as unusual word frequency that matches Claude, an AI made by Anthropic.
Fix: This vulnerability was resolved in the Linux kernel through commits available at: https://git.kernel.org/stable/c/0adac0ee2c42027d80bac02ea9b576a88f8955d3, https://git.kernel.org/stable/c/0be8fcd9005e3d3b5a61fe34b070a9663adbb4dc, https://git.kernel.org/stable/c/18d6a7c9e4e63c57157e9a57dd9bf3cd38e4c45a, https://git.kernel.org/stable/c/a62ca67e3c72fb297dc7c86495ba8f7329d7f150, and https://git.kernel.org/stable/c/eac69475b01fe1e861dfe3960b57fa95671c132e. Users should update to a patched kernel version containing these fixes.
Source: NVD/CVE Database
AI models can now discover zero-day vulnerabilities (previously unknown security flaws) and chain exploits (combine multiple attacks together) faster than organizations can patch them, shrinking response windows from weeks to minutes. To defend effectively, organizations need to operate at machine speed by focusing on two key areas: reducing the time to identify and fix vulnerabilities, and maintaining visibility across their entire environment including cloud, code, and software supply chains. The Wiz platform helps with this through tools like ASM (attack surface management, which maps all exposed systems and applications) and Red Agent (an AI-based security tester that finds complex vulnerabilities automatically).
Fix: The source describes Wiz's approach to addressing this threat but does not explicitly detail specific patches, versions, or technical mitigations. It recommends using Wiz ASM to reduce attack surface by identifying and remediating exposed vulnerabilities, and leveraging Wiz Red Agent as an autonomous AI-pentester to continuously uncover exploitable vulnerabilities at machine-speed. However, no concrete patching steps, version updates, or specific mitigation techniques are provided in the text.
Source: Wiz Research Blog
RevEng.AI, a cybersecurity startup, raised $15 million to develop an AI tool called BinNet that analyzes compiled software binaries (the machine-readable code that actually runs on computers) to find vulnerabilities and backdoors without needing the original source code. The technology aims to secure the software supply chain by verifying what software actually does before it's deployed, which is increasingly important as AI systems are used to write code automatically.
Shadow AI refers to unapproved AI tools that employees use without IT oversight, often gaining access to company data through OAuth (a login system that grants third-party apps permission to access accounts) or browser sessions. Most organizations lack visibility into these tools and don't have governance policies in place, creating a security risk. The article describes a five-step program to manage shadow AI by discovering which tools are in use, creating practical policies, and establishing approved alternatives.
Fix: The source explicitly recommends five steps: (1) Discover shadow AI tools through auditing OAuth connections, scanning browser extensions, identifying AI features in already-approved tools, and conducting employee surveys. (2) Write an AI governance policy that lists approved tools, defines clear data classification rules (specifying which data like customer records and source code should never enter AI tools), confirms data training opt-out status for each tool, and establishes a defined process for requesting new tools. (3-5) The text cuts off before fully detailing steps 3-5, so no additional mitigations are explicitly stated in the provided content.
Source: The Hacker News
Fix: Anthropic hardened Claude Code to resolve symlinks (determine where shortcuts actually point) before asking for approval and to display the real destination path in the approval prompt. The source notes that prompting users to consider before acting on automation requests could help stop SymJack attacks and would be simple for other coding agents to implement.
Source: SecurityWeek
Advanced AI models like Claude Mythos are becoming autonomous cyber-attack tools that can identify vulnerabilities, chain multiple exploits together, and conduct multi-stage attacks with minimal human input, fundamentally changing how cyber offense and defense operate. Major tech companies have formed a defensive coalition (Project Glasswing) to respond to this emerging threat, signaling that AI-powered cyber operations have moved beyond experimentation into real operational capability. This represents a shift in cyber doctrine where speed, scale, and autonomy (the ability of AI to act without human direction) have become the defining factors in cyber conflict.
Tax AI is a system built by OpenAI and Thrive Holdings that uses Codex (a code-generating AI model) to automate tax return preparation for accounting firms, and it improves itself automatically rather than waiting for engineers to manually fix problems. The system learns from real-world use by collecting practitioner feedback, tracking how returns are processed (production traces, or a structured record of inputs and outputs), and using tailored evaluations to continuously refine itself. Within six weeks of launch, the system improved from only 25% of returns being correct enough to need minimal fixes to 86% reaching that standard.
Fix: The source describes the infrastructure that enables self-improvement but does not prescribe a specific fix or mitigation for any problem. No version update, patch, or explicit remediation step is mentioned. N/A -- no mitigation discussed in source.
Source: OpenAI Blog
Data security posture management (DSPM, tools that help find sensitive data scattered across systems) helps security teams locate hidden data across cloud and on-premises environments to reduce data loss risk. Shadow data (data stored outside official IT oversight) can come from forgotten repositories, cloud containers, or unauthorized AI usage, making it difficult to track and protect. DSPM tools work alongside broader cloud security tools to discover both known and unknown data and manage exposure risks, with the market consolidating through major acquisitions by companies like Palo Alto Networks, IBM, and Varonis.
Anthropic released two new security features for Claude: a self-hosted sandbox that lets Claude Managed Agents (AI systems that can perform tasks autonomously) run code in user-controlled environments like their own servers or managed providers, and a security guidance plugin for Claude Code that scans for vulnerabilities (weaknesses that attackers could exploit) as developers write code. The plugin has reduced security issues by 30-40% in internal testing by catching problems before formal code review.
Fix: Anthropic provides two explicit mitigations: (1) Deploy the Claude sandbox by configuring Claude Managed Agents to execute tools in a user-controlled environment, applying your own network policies, audit logging, and security tooling while keeping files and repositories within your perimeter; (2) Use the security guidance plugin for Claude Code, available through the official Anthropic marketplace, which scans for vulnerabilities during file edits, after AI-generated changes, and at commit time to catch issues before full code review.
Source: SecurityWeek
Microsoft is previewing automatic device isolation in Defender for Endpoint, a feature that uses AI to quickly disconnect compromised devices from the network while keeping them connected to security services, helping contain attacks that move at machine speed. However, a SANS Institute research paper warns that attackers could potentially exploit this feature to disable user accounts if it is not properly configured and tuned. Security experts emphasize that autonomous AI action tools like this must be carefully configured and tested, similar to any other automation capability.
Champion ethical hacker Valentina Palmiotti warns that powerful AI tools like Claude Mythos (an AI model that can find vulnerabilities, or security weaknesses, in software) could soon make human hackers like her unable to compete in bug bounty competitions (where hackers earn money by finding security flaws before criminals do). While she currently uses AI tools like Claude Code to work faster and win prizes at the Pwn2Own hacking competition, she believes advanced AI models will eventually take over most of the easier hacking tasks, leaving only the very best human hackers with opportunities to find new bugs.
TanStack contains a vulnerability that allowed attackers to publish malicious versions of the software to npm (a package repository where developers download code libraries) under the trusted TanStack identity, potentially distributing credential-stealing malware (software that steals login information). This vulnerability is currently being actively exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Source: CISA Known Exploited Vulnerabilities
Daemon Tools Lite contains a vulnerability (a flaw in software that attackers can exploit) with serious impact on confidentiality (keeping data secret), integrity (ensuring data hasn't been changed), and availability (ensuring systems work properly). The vulnerability is currently being actively exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Source: CISA Known Exploited Vulnerabilities