All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
datasette-llm-accountant 0.1a4 is a software release, but the provided content contains only a title and version number with no description of features, functionality, or issues.
This item references llm-gemini version 0.32a0, which appears to be a software package or library for working with Google's Gemini AI model. Without additional context about a specific issue, vulnerability, or problem, no technical analysis can be provided from the content given.
OpenAI announced a partnership with Singapore's government called 'OpenAI for Singapore,' backed by over S$300 million, to help the country become an AI-powered economy. The initiative will establish OpenAI's first Applied AI Lab outside the United States, create over 200 technical jobs, and focus on deploying frontier AI (cutting-edge AI systems), developing local AI talent, and expanding AI access across organizations in sectors like healthcare, finance, and public services.
datasette-llm 0.1a8 is an early-stage release (indicated by the 'a' in the version number, meaning alpha or pre-release software) announced by Simon Willison in May 2026. The source text does not provide details about what this software does, what problems it solves, or any security issues associated with it.
Elon Musk lost a lawsuit against OpenAI in which he claimed that CEO Sam Altman and President Greg Brockman had misled him about the company's non-profit status. MIT Technology Review hosted a discussion with AI reporter Michelle Kim and editor Mat Honan to examine the trial details and what the outcome means for competition in the AI industry.
Coder's Azure identity verification has a critical flaw: it checks that a certificate comes from a trusted Azure authority but never verifies the actual PKCS#7 signature (a cryptographic stamp that proves data hasn't been tampered with). An attacker can forge identity data and steal session tokens that grant access to Git keys, OAuth tokens, and secrets. All Coder v2 versions are affected.
PenPot's MCP REPL server binds to all network interfaces (0.0.0.0:4403) and exposes an unauthenticated /execute endpoint that runs arbitrary JavaScript code, allowing anyone on the network to achieve RCE (remote code execution, where an attacker can run commands on a system they don't own). The vulnerability exists because the server listen call omits a host argument, defaulting to 0.0.0.0, and the /execute endpoint has no authentication checks before executing user-supplied code.
Polymarket is launching prediction markets (contracts where traders bet on whether specific events will happen) tied to private companies like OpenAI and Anthropic, allowing regular investors to speculate on milestones such as IPO timing and company valuations without actually owning shares. Nasdaq Private Market will provide the data to determine whether these contracts pay out, and for the first time will make valuation data publicly available for free. This addresses a frustration where ordinary investors are typically excluded from investing in private companies that have created enormous value before going public.
Coder's Azure identity endpoint was vulnerable to SSRF (server-side request forgery, where an attacker tricks a server into making requests to unintended targets) because it accepted unsigned certificates and fetched arbitrary URLs without validation. An attacker could craft a fake certificate pointing to any internal or external address, forcing the Coder server to connect to it and reveal whether the target was reachable through error messages, enabling network reconnaissance and potential attacks on internal services.
Caddy's remote admin access control has a bug in how it checks if a client certificate is allowed to access certain paths. It uses prefix matching (checking if a path starts with an allowed path) without verifying that the allowed path ends at a proper boundary, so a certificate authorized only for `/pki/ca/prod` can also access `/pki/ca/prod-backup` or `/pki/ca/prod1`. This breaks the principle of least privilege (giving users only the minimum access they need) and allows authenticated users to bypass authorization restrictions on PKI (public key infrastructure, used for managing certificates) endpoints.
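As an added illustration of the boundary problem described above (not Caddy's own code; the function names and the sample permission list are constructed for this example), the flawed prefix test is shown beside a corrected check that requires a `/` segment boundary and normalises the request path before matching:

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// allowedPrefixOnly reproduces the flawed logic: a bare prefix test, so an
// allowed path "/pki/ca/prod" also matches "/pki/ca/prod-backup".
func allowedPrefixOnly(allowed []string, reqPath string) bool {
	for _, p := range allowed {
		if strings.HasPrefix(reqPath, p) {
			return true
		}
	}
	return false
}

// allowedWithBoundary is the corrected check: the request path must equal
// the allowed path exactly or continue it after a '/' segment boundary.
// The request path is normalised first so "/pki/ca/prod/../prod-backup"
// is judged as "/pki/ca/prod-backup" rather than as a child of prod.
func allowedWithBoundary(allowed []string, reqPath string) bool {
	reqPath = path.Clean("/" + reqPath)
	for _, p := range allowed {
		p = path.Clean("/" + p)
		if reqPath == p || p == "/" || strings.HasPrefix(reqPath, p+"/") {
			return true
		}
	}
	return false
}

func main() {
	allowed := []string{"/pki/ca/prod"} // constructed sample permission
	for _, req := range []string{
		"/pki/ca/prod", "/pki/ca/prod/certificates",
		"/pki/ca/prod-backup", "/pki/ca/prod1", "/pki/ca/prod/../prod-backup",
	} {
		fmt.Printf("%-32s prefix-only=%-5v boundary=%v\n",
			req, allowedPrefixOnly(allowed, req), allowedWithBoundary(allowed, req))
	}
}
```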
9router, a tool for managing AI plugins, has a critical vulnerability where two unprotected API endpoints can be chained together to run arbitrary OS commands. The problem occurs because the authentication middleware (a security check) only protects 8 specific routes, while 40+ routes under `/api/cli-tools/*` and `/api/mcp/*` have no protection, allowing attackers with network access to register malicious commands and then trigger them without any credentials.
The npm (node package manager, a repository for reusable code libraries) registry was attacked on May 19 when hackers compromised a maintainer account and published 637 malicious versions of 317 packages, including the popular AntV data visualization tool used by Alibaba. The malware, a worm called Mini-Shai-Hulud, steals credentials such as npm tokens, GitHub tokens, and passwords for cloud platforms and wallets. After detection, AntV's maintainers deleted the infected packages and marked the remaining ones as deprecated, advising users to download only the latest verified versions.
CVE-2026-8370 is a privilege escalation vulnerability in Broadcom Automic Automation Agent (a tool that automates system tasks) running on various Unix and Linux systems. The vulnerability allows a user with basic access to run programs with higher-level privileges than they should have, affecting versions before 24.4.4 HF1, with a severity rating of 8.5 (HIGH CVSS score, a 0-10 rating of how severe a vulnerability is).
Google and Volvo announced that Gemini, an AI assistant, will soon be able to access external cameras in Volvo's EX60 SUV to help interpret the vehicle's surroundings. This capability works because Volvo uses Google's Android Automotive (an operating system designed for vehicles) in the car. The first planned use is helping drivers understand confusing parking signs, though Google expects other applications in the future.
Google announced new AI models called Gemini 3.5 at its I/O 2026 conference, including Gemini 3.5 Flash (available immediately) and Gemini 3.5 Pro (coming next month). The Gemini 3.5 Flash model will now be the default AI powering Google's Gemini app and AI Mode in Search. The announcement was part of a broader keynote that also covered updates to Gmail, Search features, and Project Aura smart glasses.
Meta is forcing over 7,000 employees to transfer to new teams focused on AI, including groups building AI cloud infrastructure and an internal AI agent called Hatch. This reorganization is mandatory, with the company previously telling workers that similar transfers to an AI data labeling team were non-optional, even after initially offering them as voluntary.
Google is expanding access to CodeMender, an AI agent (a software system that can perform tasks autonomously) for code security that can both identify and fix vulnerabilities (security weaknesses) in software. This move appears to be Google's response to Anthropic's recent announcement of Claude Mythos Preview, intensifying competition in the AI security tools market.
Google announced new AI models at its I/O conference, including Gemini 3.5 Flash (a faster, cheaper version of its main model) and Gemini Spark (an AI agent that can take actions in connected apps on a user's behalf). The company also introduced Omni, a world model (AI trained to simulate and predict physical environments) that can edit videos and generate realistic imagery, as Google competes with rivals like OpenAI and Anthropic.
Google has announced Gemini Spark, its own AI agent platform (software that can perform tasks automatically on your behalf) that runs constantly in the background to help with tasks like writing emails, creating study guides, and monitoring credit card statements. Powered by the Gemini 3.5 Flash model, it will initially work with Google Workspace apps like Gmail and Docs, with plans to connect to other third-party applications.
Google is launching Pics, a new AI image generation app for Workspace that uses Gemini and Google's Nano Banana 2 image model to make editing easier. Instead of rewriting entire prompts to change small details, users can click on specific parts of an image and leave notes describing what they want to change, similar to commenting in Google Docs.
Fix: Update to patched versions: v2.33.3, v2.32.2, v2.31.12, v2.30.8, v2.29.13, or v2.24.5. If unable to patch immediately, reconfigure Azure templates to use token authentication instead of azure-instance-identity by setting `coder_agent.auth` to `token` and adding `CODER_AGENT_TOKEN=${coder_agent.main.token}` to the environment variables.
Source: GitHub Advisory Database
Fix: Fixed in PR #25274 (commit 57b11d405). Upgrade to patched versions: v2.33.3, v2.32.2, v2.31.12, v2.30.8, v2.29.13, or v2.24.5 (ESR), depending on your release line.
Source: GitHub Advisory Database
Fix: According to AntV's GitHub warning, the infected packages have been deleted and the remaining ones marked as deprecated. Users should identify affected packages from the list of compromised packages and download the latest versions. Beyond this, experts recommend that developers look for signs of compromise in CI/CD (continuous integration/continuous deployment, automated systems that build and deploy code) environments and repositories, and rotate all credentials.
Source: CSO Online