All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Anthropic announced that Claude now integrates with 28 enterprise security and compliance platforms, allowing organizations to monitor and govern Claude's use alongside other workplace software. The integration works through the Claude Compliance API, which gives security teams access to conversation content and activity logs from Claude Enterprise, enabling them to apply their existing monitoring policies to Claude.
The TrapDoor malware campaign compromised over 34 malicious packages across npm, PyPI, and Crates.io (popular code repositories where developers download libraries) to steal developer secrets like AWS credentials, GitHub tokens, and SSH keys (authentication credentials for secure systems). The campaign is particularly dangerous because it targets entire developer workflows, including AI coding assistants, and uses normal software development processes as cover, making it harder to detect and potentially giving attackers access to CI/CD pipelines (automated systems that build and deploy software) and cloud infrastructure.
Uber has spent its entire annual AI budget in just four months of 2026 and is questioning whether the spending is worthwhile, as the company struggles to see a clear connection between rising token consumption (the computational cost of running AI models like Claude Code) and actual improvements in features delivered to customers. Uber's president says it's difficult to prove that increased AI spending is directly producing more useful features for consumers.
Attackers are now exploiting software vulnerabilities (unpatched flaws in code) as their primary way to break into organizations, surpassing stolen credentials as the most common entry point. This shift is happening because companies are struggling to patch vulnerabilities quickly enough — in 2025, only 26% of critical vulnerabilities were fully fixed, with the median time to patch rising to 43 days, while the volume of critical vulnerabilities grew by 50% year-over-year.
India's CERT-In has issued new security guidelines requiring organizations to patch critical vulnerabilities in internet-exposed systems within 12 hours because attackers are increasingly using AI and LLMs (large language models, which are AI systems trained on large amounts of text) to automate the discovery and exploitation of security weaknesses faster than ever before. The guidelines warn that AI-assisted attacks can compress the time needed for attackers to find and weaponize vulnerabilities, and recommend defensive measures like continuous vulnerability monitoring, Zero Trust security (verifying access at every step), layered security controls, and secure-by-design practices.
Fix: CERT-In recommends organizations implement the following: "Assume breach and prepare for rapid detection, containment, and recovery from compromise scenarios. Adopt a Zero Trust approach by enforcing continuous verification and least-privilege access. Implement a defense-in-depth strategy with layered controls across infrastructure to eliminate single points of failure and minimize the overall impact of a successful breach. Monitor and reduce exposure to security vulnerabilities. Embed a secure-by-design paradigm into systems, applications, and AI workflows. Maintain operational continuity during cyber incidents and disruption scenarios. Safeguard sensitive and operationally critical data throughout its lifecycle. Reduce software supply chain risks arising from third-party software, AI models, and dependencies through SBOM (software bill of materials), provenance validation, and assessments. Test security effectiveness against evolving threats through red teaming, vulnerability assessments, penetration testing, and independent audits." Organizations should also adopt "continuous, risk-based vulnerability and patch management practices" and prioritize patching known exploited vulnerabilities affecting internet-facing and critical systems.
The Hacker NewsAI systems change continuously between deployments (such as when retrieval indexes update overnight or new tools are added), which breaks the traditional governance model where compliance is checked after development is complete. Most organizations still treat governance as a separate review layer rather than embedding it into the actual deployment process, leaving companies blind to changes most likely to affect the system. Chinese AI companies instead treat governance as release infrastructure, embedding compliance checkpoints directly into the deployment pipeline so that no product launches without passing these checks.
Fix: Embed governance checkpoints directly into the deployment pipeline as release infrastructure rather than treating it as a separate review layer. According to the source, this means making governance 'part of the product' by including compliance checks that must be cleared before any product launch occurs, similar to how Chinese AI companies structure their deployment processes. Specific practices mentioned include maintaining current, pipeline-generated records of components like retrieval indexes, establishing output-monitoring thresholds that are owned by responsible parties, and tying model evaluation results to enforceable release gates.
CSO OnlineAnthropic's Project Glasswing, which uses Claude Mythos Preview (an AI model trained to find software bugs), has discovered approximately 10,000 critical or high-severity vulnerabilities across over 1,000 open-source projects and 50 partner organizations. While the AI successfully identified thousands of real vulnerabilities, maintainers are overwhelmed by the flood of bug reports and lack the capacity to patch them quickly, creating a major cybersecurity challenge where finding bugs is now much easier than fixing them.
The LiteSpeed cPanel Plugin has a privilege escalation vulnerability (a flaw that lets users gain higher-level access than they should have) that any cPanel user account can exploit to run arbitrary scripts (custom code) with root privileges (the highest admin level). This vulnerability is currently being actively exploited by attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See vendor security update at https://blog.litespeedtech.com/2026/05/21/security-update-for-litespeed-cpanel-plugin/
CISA Known Exploited VulnerabilitiesAnthropic is preparing to publicly release its Mythos model, an advanced AI designed for code analysis that can automatically develop professional-level cyberattacks but also help find and fix software bugs before they're exploited. The company initially delayed public release due to security concerns, but has since developed a guardrail system (safety restrictions built into the model) and is now testing Mythos in Claude Code and Claude Security. Anthropic is also running a project called Glasswing, which partners with companies to use Mythos Preview to find vulnerabilities in critical software, having uncovered 10,000 high or critical-severity vulnerabilities in its first month.
Fix: Anthropic decided against public rollout of the Mythos model until it prepared a powerful guardrail system (safety restrictions to prevent misuse). The company is also collaborating with other companies through the Glasswing project to identify and secure potential AI-driven exploits before widespread release.
BleepingComputerPope Leo XIV released a papal encyclical (an official open letter from the Catholic Church) called 'Magnifica Humanitas' warning about risks from AI and rapid technological advancement, including AI-powered warfare and job displacement. The document emphasizes that current legal and ethical protections are inadequate to safeguard human dignity as AI adoption accelerates.
Federated Learning (FL, a technique where multiple computers train an AI model together without sharing raw data) faces security challenges from adversarial attacks (attempts to trick the model with carefully crafted inputs) and data heterogeneity (when each computer has different types of data). The paper introduces Fed-CDP (Federated Contrastive Diffusion Prototypes), a new approach that uses a server to actively synthesize improved features from client data rather than just collecting them, which helps make the shared model more robust against attacks and reduces model drift (when local models diverge from each other).
Facial manipulation techniques like face-swapping and face attribute editing (changing features in images) threaten privacy and identity security, but existing defense methods work poorly against both types of attacks in a unified way. Researchers developed EA-APO (Epoch-Adaptive Adversarial Perturbation Optimization), a defense framework that adds specially designed invisible noise patterns to face images to disrupt both face-swapping and attribute-editing AI models, even ones the defense hasn't seen before. The method was tested across multiple commercial facial manipulation tools and remained effective even after common image processing and social media compression.
Researchers developed a new method to attack deep neural networks that analyze 3D point clouds (collections of data points representing 3D objects) by using cage-based deformation, which smoothly warps the entire shape rather than moving individual points. The method generates adversarial attacks (malicious inputs designed to fool AI systems) that look natural to humans while successfully tricking classifiers, and these attacks remain effective even against defense methods.
This paper presents a method for performing skyline optimization (a technique that filters data to find the most important records based on multiple criteria) on encrypted data that is split across multiple locations in a vertical data federation (a system where different organizations each hold different columns of the same dataset). The researchers developed an asynchronous structured skyline predicate that improves both efficiency and security while protecting sensitive data from unauthorized access.
This research paper studies how to estimate discrete distributions (collections of data categories and their frequencies) while protecting sensitive information using utility-optimized local differential privacy (ULDP, a privacy protection method that keeps data private locally while allowing more accurate results for non-sensitive information). The authors mathematically prove the fundamental limits of this privacy-utility trade-off and propose new optimal mechanisms called utility-optimized block design schemes to achieve the best possible accuracy under these privacy constraints.
This paper presents MGRNet, a graph reasoning model (a method that uses network structures to understand relationships between data points) designed to improve multi-modal object re-identification (ReID, the task of matching the same object across different image types like visible and infrared photos). The approach handles low-quality local features by constructing modality-aware graphs (structures that represent relationships between image patches while accounting for different image types) and selectively swapping graph nodes to combine local and global information, ultimately creating more reliable object representations.
Researchers found security weaknesses in DIZY, an ultra-lightweight stream cipher (an encryption method designed for devices with limited computing power) designed to protect resource-constrained devices like RFID tags. The attacks show that DIZY-80 and DIZY-128 provide weaker security (65/86-bit levels) than claimed (80/112-bit levels) by exploiting how the cipher initializes. The researchers proposed an improved version called DIZYa that resists these attacks while maintaining the original design's advantages.
Fix: An improved variant of DIZY, called DIZYa, is proposed. The analysis on DIZYa shows that the improved variant can provide better security resistance against all known attacks including the attacks on DIZY, while maintaining the commendable characteristics of DIZY.
IEEE Xplore (Security & AI Journals)Researchers argue that enterprises cannot secure AI agents by making the underlying models more robust. Instead, they must enforce security controls at the system level, treating AI models as fundamentally untrusted components, similar to how operating systems treat processes. The paper identifies five security principles from traditional systems security (least privilege, tamper resistance, complete mediation, secure information flow, and accounting for human error) that should be applied to AI agents, and notes that all eleven real-world attacks analyzed violated the secure information flow principle.
This research paper describes a defense technique called Infer-Shield that protects AI models trained across multiple organizations (federated learning, where different parties train a shared model without sharing raw data) from membership inference attacks (attempts to determine if specific individuals' data was used in training). The paper proposes using adaptive distillation (a technique where a smaller model learns from a larger one to reduce information leakage) as a way to make these distributed AI systems more secure.
CVE Lite CLI is an open-source tool that scans JavaScript and TypeScript project dependencies for vulnerabilities by analyzing lockfiles (files that track which packages a project uses) locally while developers are coding, rather than waiting for security checks to fail later in the CI pipeline (automated testing system). The tool provides detailed remediation guidance, distinguishing between direct dependencies (packages you explicitly use) and transitive dependencies (packages that your dependencies use), and recommending specific upgrade paths. According to the creator, this local-first approach is increasingly important because AI coding assistants allow developers to add packages quickly, potentially without proper security review.
Fix: CVE Lite CLI scans npm, pnpm, and Yarn lockfiles using OSV vulnerability data and can be configured for JSON, SARIF, or HTML outputs and integrated into CI workflows as a GitHub Action. The tool analyzes lockfiles to identify which vulnerabilities are direct versus transitive, validates upgrade targets, and recommends actionable fix paths while developers are still writing code.
CSO Online