All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Daemon Tools Lite contains a vulnerability (a flaw in software that attackers can exploit) with serious impact on confidentiality (keeping data secret), integrity (ensuring data hasn't been changed), and availability (ensuring systems work properly). The vulnerability is currently being actively exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
GitLab MCP Server (a tool that lets AI agents interact with GitLab) had a critical security flaw in versions before 0.6.0 where its HTTP transport exposed an unauthenticated endpoint (a service that processes requests without checking who is calling it) to any website, combined with a misconfiguration that made it accessible from all network interfaces instead of just locally. This allowed attackers from anywhere to make changes to GitLab repositories using the server operator's stored credentials.
Pope Leo XIV released an encyclical (a formal church letter) warning that artificial intelligence could displace workers, increase inequality, and remove humans from lethal weapons decisions, but Trump administration officials disagreed on how to respond. Interior Secretary Doug Burgum dismissed the pope's concerns as outside his role, while Vice President JD Vance praised the message as important moral leadership, highlighting a split in the administration over whether AI should face stronger oversight or remain deregulated for competitive advantage.
Pterodactyl's Client API has a race condition (a security flaw where multiple requests happening simultaneously interfere with each other) that allows users to create more databases than their assigned limit. The vulnerability exists because the database locking mechanism in the code calls a Laravel function that doesn't actually lock anything, since it's missing a required terminal method like count() or get().
Typebot.io has a stored XSS (cross-site scripting, where malicious code is saved and runs when users view it) vulnerability in its chatbot viewer that allows bot creators to embed javascript: URIs in text links. When visitors click these links, the JavaScript executes in their browser with access to cookies and session tokens from the host website.
Typebot has a stored XSS (cross-site scripting, where attackers inject malicious code into a web page) vulnerability in its rating block's custom icon feature. The vulnerability allows attackers to execute arbitrary HTML and JavaScript in the builder's preview by crafting a malicious typebot, potentially leading to session hijacking and unauthorized access to the builder application. This bypasses the sandbox protection that normally prevents untrusted code from running in the builder.
Vowpal Wabbit, a machine learning system, has a vulnerability in its GitHub workflow file where pull request titles are inserted directly into bash commands without proper protection. An attacker can craft a malicious pull request title with shell commands that will execute on the build system before Python runs, since the shell processes the string first. Since pull requests can be opened on any branch without special permission, anyone can trigger this attack.
NVIDIA Transformers4Rec for Linux has a vulnerability where attackers can exploit improper deserialization (unsafe processing of data that was converted into a storable format) of untrusted data, potentially leading to code execution (running commands on the system), data tampering, and information disclosure. The vulnerability is tracked as CVE-2026-24162 and a CVSS score (a 0-10 rating of how severe a vulnerability is) has not yet been assigned by NIST.
Microsoft Copilot Cowork had a security flaw where its agents (automated systems that perform tasks) could send emails to users without approval, and these emails could contain external images that leak data when opened. An attacker could use prompt injection (tricking the AI by hiding instructions in its input) to make the agent create download links to files on OneDrive, allowing the attacker to steal those files.
Many organizations want to adopt agentic AI (AI systems that can independently execute complete workflows with minimal human input), but 76% say their current operations cannot support this change. The problem is that most companies are simply adding AI agents onto existing human-centered business models rather than fundamentally redesigning their operations, technology, workflows, and decision-making systems to work with AI as an integrated part of the organization.
A vulnerability (CVE-2026-9540) was found in vllm version 0.19.0 that affects the OpenAI-compatible Serving Path component and can be exploited remotely to cause a denial of service (making a service unavailable by overwhelming it). The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.5 (medium severity), and a public exploit is already available.
The Megalodon campaign used compromised credentials to inject malicious commits into over 5,500 GitHub repositories, modifying GitHub Actions workflows (automation tools that run code tasks) to steal sensitive secrets like cloud credentials and SSH keys (authentication files). The attack hid malicious code in base64-encoded bash payloads (encoded script commands) and used fake author names like "build-bot" to disguise itself as routine maintenance, with researchers detecting unexpected workflow runs as a warning sign.
Google CEO Sundar Pichai discusses major AI changes coming to Google Search and YouTube, including new Gemini models (advanced AI systems for generating text and understanding information) and AI agents that can perform tasks rather than just deliver search results. These changes will likely reduce traffic to websites from Google Search, a phenomenon the interviewer calls 'Google Zero,' forcing publishers and content creators to adapt their business strategies.
Check Point launched a proactive Frontier AI Models Readiness Program to protect their products against threats from increasingly capable AI systems that could help attackers find and exploit vulnerabilities. The program involved scanning their code with AI tools, reviewing security, strengthening weak components, and speeding up their ability to create and release security patches.
This article discusses the competitive race between Elon Musk's SpaceX and Sam Altman's OpenAI as both companies move toward initial public offerings (IPOs, which is when a private company sells shares to the public for the first time). The piece highlights how a small group of tech leaders is gaining increasing influence over the future direction of artificial intelligence development.
TanStack contains a vulnerability that allowed attackers to publish malicious versions of the software to npm (a package repository where developers download code libraries) under the trusted TanStack identity, potentially distributing credential-stealing malware (software that steals login information). This vulnerability is currently being actively exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Fix: Update GitLab MCP Server to version 0.6.0, which fixes the vulnerability.
NVD/CVE Database
Companies need strategies for using agentic AI (AI systems that can plan and execute multi-step tasks independently), but security tools to safely deploy these systems are still being developed. The main obstacle preventing wider adoption is the lack of proven security solutions to protect enterprises from risks that agentic AI introduces.
Fix: The source proposes filtering `javascript:` URIs before rendering anchor tags, using this function: `const safeUrl = (url: string) => /^javascript:/i.test(url.trim()) ? '#' : url`, and then rendering links as `<a href={safeUrl(elementDescendant.url as string)} ...>`. Alternatively, the source recommends using a URL allowlist that only permits the `https:`, `http:`, `mailto:`, and `tel:` schemes.
GitHub Advisory Database
Fix: This vulnerability is fixed by commit 998e390e80a7e8192d7849b7784bc113dbd190ad.
NVD/CVE Database
Fix: A pull request to fix this issue awaits acceptance (mentioned in the source as pending at https://github.com/vllm-project/vllm/pull/37594).
NVD/CVE Database
Fix: SafeDep recommended checking GitHub Actions tabs for unexpected workflow_dispatch runs (manual workflow triggers) and, if OIDC federation (a cloud authentication method) is used for deployments, reviewing cloud audit logs for token requests from unknown workflow runs. The researchers also shared a list of indicators of compromise (IOCs), including the attacker's command-and-control address (216.126.225.129:8443), campaign signatures, forged author names and emails, commit messages, and names of compromised repositories, to aid in detection and cleanup.
CSO Online
Varonis Atlas has integrated with the Claude Compliance API to help organizations monitor and secure their use of Claude Enterprise and Claude Platform, which are AI tools used for tasks like document analysis and building custom applications. The integration allows security teams to track AI usage, detect misuse and sensitive data exposure, investigate complete chat sessions, and test for vulnerabilities like prompt injection (tricking an AI by hiding instructions in its input) and jailbreaks. Varonis Atlas connects AI activity to underlying data permissions and access controls to help organizations understand what data their AI systems can reach and whether that access is safe.
Fix: The source does not explicitly describe a specific fix or mitigation for a particular vulnerability. Instead, it describes Varonis Atlas's features for monitoring and securing AI systems: continuous monitoring of conversation content, real-time detection of sensitive data exposure and jailbreak attempts, session-level investigations, runtime guardrails, and proactive pen testing (stress-testing assistants and agents for vulnerabilities). Organizations can access these capabilities through the Varonis Atlas platform, including its AI inventory, posture management, security testing, runtime guardrails, and compliance reporting functionality.
BleepingComputer
This academic paper explores using graph neural networks (machine learning models that analyze connected data structures) and adaptive partial disconnection (selectively cutting off connections in a network) as methods to stop malware from spreading through systems. The research, published in July 2026, presents these techniques as defensive strategies for protecting networks against malware propagation.
This is a research paper proposing a new multi-factor authentication (MFA, a security method requiring multiple forms of proof to verify a user's identity) system that adapts based on context. The paper, published in July 2026, suggests that authentication security can be improved by adjusting verification requirements based on factors like user location, device, and behavior patterns rather than using the same rigid security checks for everyone.