All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
NVIDIA Triton Inference Server contains a vulnerability (CVE-2026-24206) that allows attackers to bypass authentication (a security check that verifies who you are), potentially leading to privilege escalation (gaining higher-level access), denial of service (making a system unavailable), or information disclosure (unauthorized access to data). The vulnerability is classified as CWE-288, which means it exploits an alternate path to bypass normal authentication checks.
Google announced updates to its search engine that will use AI more heavily, allowing users to ask longer, more natural questions that get answered by Google's chatbot instead of traditional search results. The company also revealed new smart glasses (wearable devices with computer capabilities) for consumers, marking its return to the hardware market over a decade after its previous glasses faced public criticism. These changes are powered by Google's new Gemini 3.5 AI model.
Ramp engineers use Codex (an AI code review tool) with GPT-5.5 to give substantive feedback on pull requests (code changes) in minutes instead of hours, catching bugs that human reviewers miss. Beyond code review, they're also using Codex to build internal tools like On-Call Assistant, which helps manage the complex demands of on-call engineer shifts (when engineers respond to system emergencies). The tool stands out because it deeply analyzes the codebase and reasons through complex problems, reducing manual work that would otherwise require significant mental effort.
N/A -- The provided content only contains a title and version number (llm-gemini 0.32) with no substantive information about any security issue, vulnerability, or problem to analyze.
Google released Gemini 3.5 Flash, a new AI model now available to billions of users through Google apps and to developers via APIs (application programming interfaces, tools that let software communicate). The model is significantly more expensive than previous Flash versions, costing 3-6 times more, bringing it close in price to Google's more advanced Gemini 3.1 Pro model.
OpenAI announced a new Guaranteed Capacity offering that lets customers lock in long-term access to compute (the computational power needed to train and run AI models) by committing to one, three-year contracts with increasing discounts based on the commitment length. CEO Sam Altman said this helps OpenAI plan ahead while giving customers certainty about capacity availability, though the offering is only available until current allocation sells out.
This article discusses AI Bills of Materials (BOMs, which are detailed lists of components and dependencies used in AI systems), and how security leaders can prepare to use them effectively in their organizations. The piece focuses on five strategies that CISOs (Chief Information Security Officers, the executives responsible for security) can use to both adopt AI BOMs and help shape how they're created in the future.
Singapore has signed separate agreements with Google and OpenAI to strengthen its position as a global AI hub and speed up AI deployment in public services, healthcare, education, and business. OpenAI will invest over $234 million in Singapore's AI ecosystem and establish its first applied AI lab outside the U.S., while Google will focus on solving societal challenges, building an AI-ready workforce, and creating a secure AI ecosystem (systems designed to prevent harmful outcomes from AI).
Microsoft Defender has a vulnerability that allows attackers to cause a denial of service (a type of attack where a service becomes unavailable to users). This vulnerability is currently being actively exploited by attackers, making it a priority security concern.
Fix: Apply mitigations per Microsoft vendor instructions, follow applicable BOD 22-01 guidance for cloud services (security requirements for government cloud systems), or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Microsoft DirectX has a NULL byte overwrite vulnerability (a type of memory corruption where attackers can overwrite data at a specific memory location) in its QuickTime Movie Parser Filter within the quartz.dll file. An attacker could exploit this by sending a specially crafted QuickTime media file to execute arbitrary code (run any commands they want) on a victim's system, and this vulnerability is currently being exploited by real attackers.
Fix: Apply mitigations per Microsoft's vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See Microsoft Security Bulletin MS09-028 for specific patch details.
CISA Known Exploited Vulnerabilities
Microsoft Internet Explorer has a use-after-free vulnerability (a bug where code tries to access memory that has already been freed), which could let attackers run arbitrary code (any commands they choose) on a user's computer through specially crafted web content. The affected version is end-of-life (no longer supported by Microsoft), and this vulnerability is currently being exploited by real attackers.
Fix: Apply mitigations per vendor (Microsoft) instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Adobe Acrobat and Reader have a heap-based buffer overflow vulnerability (a memory safety flaw where data overflows into adjacent memory, potentially allowing attackers to run malicious code) that can be triggered by opening a specially crafted PDF file. This vulnerability is actively being exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Microsoft Defender has a link-following vulnerability (a flaw where the software resolves a file system link, such as a symbolic link, to an unintended target before accessing the file) that lets an authorized attacker gain higher-level privileges on a local computer. This vulnerability is actively being exploited by attackers in real-world attacks.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
Microsoft Internet Explorer has a use-after-free vulnerability (a memory safety bug where code tries to access data that has already been deleted), which could let remote attackers run arbitrary code on a victim's computer. This vulnerability is actively being exploited by attackers in the wild, and the affected version of Internet Explorer may no longer be supported by Microsoft.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA Known Exploited Vulnerabilities
OpenAI is launching 'Education for Countries,' a program to help governments deploy AI tools like ChatGPT and Codex (a code-generation AI) in schools through research partnerships, teacher training, and localized systems. The program aims to improve learning outcomes while ensuring responsible adoption by measuring real-world impact in classroom settings and building educator confidence.
Microsoft Windows has a buffer overflow vulnerability (a bug where too much data overwrites adjacent memory) in its Server Service that lets remote attackers run arbitrary code by sending a specially crafted RPC request (a message asking a computer to perform a task). This flaw is actively being exploited by real attackers.
Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See Microsoft security bulletin MS08-067 for details.
CISA Known Exploited Vulnerabilities
An OpenAI language model has solved a famous 80-year-old math problem in discrete geometry (the study of geometric shapes made from separate points) by disproving a long-held belief about how many pairs of points can be exactly one unit apart. The AI found an infinite family of point arrangements that beat the previous best solution, and external mathematicians have verified the proof, marking the first time an AI has autonomously solved a prominent open problem central to a mathematical field.
This article discusses AI BOMs (bills of materials, detailed lists of the components and dependencies in an AI system), exploring what factors will encourage more organizations to create and use them. The content examines the forces and motivations driving adoption of this practice for better AI transparency and management.
Ocean, a new startup founded by former Israeli cybersecurity researcher Shay Shwartz, has raised $28 million to fight AI-powered phishing attacks (fraudulent emails designed to steal information). The company argues that AI makes phishing easier and faster by automating the research and targeting process that previously required manual effort, so traditional email security tools are insufficient. Ocean's solution uses a small language model (a scaled-down AI trained for specific tasks) to analyze incoming emails for fraud and impersonation by understanding context and the sender's intent.
Fix: Ocean built a small language model tailored to quickly analyze emails, understand the sender's intent, and evaluate it against the user's specific organizational context. According to the founder, this approach works like 'having a guard in every door' to make the inbox safe.
TechCrunch (Security)
Google is promoting new AI tools like Gemini Spark (an always-on AI agent that helps organize events and brief you on your day) and expanded Gmail AI features that draft emails and create to-do lists, but these tools rely on processing large amounts of personal data. The article raises concerns about whether users should trust Google with this personal information to power its AI-powered future.