All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Two hacking groups in Latin America are using AI agents (software that can perform tasks independently) to automatically create custom hacking tools for attacks against targets in Mexico and Brazil. This represents a new threat where attackers let AI do much of the work of building attack software rather than writing it manually.
Amazon is launching Alexa for Shopping, an LLM-powered AI assistant (a language model trained to understand and respond to text) that integrates directly into Amazon.com to answer shopping questions and provide product recommendations. This new assistant replaces Amazon's previous shopping AI called Rufus and will appear prominently in the Amazon app and website when users type queries.
A legal dispute between Elon Musk and OpenAI leaders has revealed that private conversations shared with AI chatbots are not actually confidential, as evidenced by Greg Brockman's personal messages about Musk being used as court evidence. This case demonstrates that users should be cautious about disclosing sensitive personal information to AI systems because that data may not remain private.
SoftBank's Vision Fund recorded a $46 billion gain in the past year, mostly from its massive investment in OpenAI, which has grown to be worth $852 billion. However, this heavy concentration of OpenAI in SoftBank's portfolio has raised concerns about the company's debt and financial stability, leading ratings agency S&P Global to downgrade its outlook from stable to negative.
The Tutor LMS plugin for WordPress (versions up to 3.9.9) has an insecure direct object reference (IDOR) vulnerability: the app trusts a user-supplied identifier without checking whether that user is authorized to access the referenced data. An authenticated instructor can manipulate a parameter to gain unauthorized access to other instructors' courses and perform damaging actions such as deleting lessons, quizzes, and student data, or modifying grades.
OpenAI discovered that two employee devices were compromised by malware hidden in a TanStack npm package (a JavaScript library downloaded from an online repository) as part of a broader supply chain attack called Mini Shai-Hulud. The attackers gained limited access to internal source code repositories and exfiltrated some credentials, but OpenAI found no evidence that customer data, production systems, or intellectual property were compromised. OpenAI responded by isolating affected systems, revoking credentials, rotating code-signing certificates (the digital signatures that verify software is authentic), and working with platform providers to prevent misuse of the compromised certificates.
This article covers testimony from Sam Altman in a legal case in which he is accused of stealing a charity. Altman defended himself on the stand, claiming that he and his team built the charity through hard work and that Elon Musk attempted to destroy it, rather than Altman having stolen it.
nnU-Net (a framework for automatically analyzing and segmenting images) had a vulnerability in its GitHub workflow where untrusted user input from issue titles and descriptions was sent directly to an AI agent without proper filtering. Because the workflow ran automatically whenever someone opened an issue, this allowed attackers to trick the AI agent into performing unintended actions such as commenting on or relabeling issues.
OpenAI CEO Sam Altman testified in court to defend himself against a lawsuit from Elon Musk, who claims Altman deceived him about OpenAI's business structure. Musk alleges that Altman broke their founding agreement by converting OpenAI from a non-profit to a for-profit company, and is seeking Altman's removal, a $134 billion redistribution, and reversal of the conversion.
Google is integrating Gemini, its AI model, deeply into Android and other devices as an 'intelligence system' that can automate tasks across multiple apps, understand what's on screen, and complete actions like booking reservations or building shopping lists. The move comes as Google competes with OpenAI and Anthropic for AI dominance, while also powering part of Apple's AI strategy, and represents a shift from traditional chatbots to agentic AI (systems that take actions on a user's behalf).
CVE-2026-42893 is a command injection vulnerability (a flaw where an attacker can insert malicious commands by exploiting how special characters are handled) in Microsoft 365 Copilot that allows an unauthorized attacker to tamper with data over a network. The vulnerability has a CVSS severity rating of 4.0 (a moderate score on the 0-10 vulnerability severity scale). This issue was reported by Microsoft Corporation and published in May 2026.
Langflow (a tool for building AI-powered agents and workflows) has a path traversal vulnerability (a security flaw where attackers manipulate file paths to access files outside intended boundaries) in its Knowledge Bases API that allows authenticated attackers to delete arbitrary directories on the server by exploiting improper handling of knowledge base names. This flaw can cause data loss and service disruption.
Microsoft developed MDASH, an AI system that uses over 100 specialized AI agents to automatically find software vulnerabilities, and it discovered 16 previously unknown Windows flaws, including four critical RCEs (remote code execution attacks where attackers can run commands on a system). The vulnerabilities were patched in Microsoft's May 12 Patch Tuesday release, and the system will enter private preview for enterprise customers next month.
Fix: The vulnerabilities were patched as part of Microsoft's May 12 Patch Tuesday release.
CSO Online
Palo Alto Networks launched Idira, a new identity security platform designed to manage and secure human users, machine identities (non-human accounts that systems use), and AI agents as enterprises increasingly deploy autonomous AI systems. Unlike traditional identity management systems, Idira treats all identities as privileged and uses dynamic privilege controls, continuously discovering identities across cloud and developer environments while dynamically granting and revoking access permissions in real time rather than using static access tokens.
The UK's AI Security Institute tested whether GPT-5.5 (OpenAI's model) could find security vulnerabilities as well as Claude Mythos, and found they perform comparably. A smaller, cheaper model also performed equally well, though it needs more scaffolding (additional structure and guidance provided by the person writing prompts to the AI).
Codex, OpenAI's coding agent, previously lacked a sandbox (a constrained execution environment with restricted permissions) on Windows, forcing users to either approve every command or allow unrestricted access. To solve this, the Codex team built a custom sandbox implementation because existing Windows tools like AppContainer, Windows Sandbox, and Mandatory Integrity Control labeling were either too restrictive for open-ended developer workflows or incompatible with the product requirements.
CISA and G7 cyber agencies released guidance on minimum elements for AI software bills of materials (SBOMs, documents listing all components and dependencies in software), helping security leaders assess AI system risks before deployment. Unlike traditional SBOMs that only track code, AI SBOMs must document models, training data, prompts, infrastructure, and other AI-specific elements because AI systems' behavior depends on data and models as much as code. The guidance gives organizations a framework to ask vendors for transparency during procurement, though it shows what vendors claim exists rather than proving the systems are trustworthy.
Fix: S&P Global Ratings suggested that SoftBank could "limit negative financial impacts" by selling some assets. SoftBank has already been selling stakes in companies like T-Mobile and Nvidia to fund its OpenAI investment.
CNBC Technology
Fix: OpenAI's explicit mitigation steps included: isolating impacted systems and identities, revoking user sessions, rotating all credentials across impacted repositories, temporarily restricting code-deployment workflows, rotating code-signing certificates for iOS, macOS, and Windows products, coordinating with platform providers to prevent unauthorized notarizations (digital certifications of software), and reviewing all previous notarizations to confirm no unauthorized software signing occurred. macOS users are required to update their applications once the certificate is fully revoked on June 12, 2026, after which macOS security protections will block new downloads and launches of apps signed with the previous certificate. Additionally, OpenAI accelerated deployment of security controls including hardened credential materials in their CI/CD pipeline (continuous integration/continuous deployment, the automated system for building and releasing software), package manager configurations with controls like minimumReleaseAge, and additional security software to validate package origins.
OpenAI Blog
Microsoft has announced MDASH, a new multi-model agentic scanning harness (a tool that uses multiple AI systems working together to automatically detect security threats). The system achieved top performance on industry security benchmarks, representing an advance in AI-powered cyber defense.
Microsoft announced MDASH (a multi-model agentic scanning harness that uses over 100 specialized AI agents working together to find security vulnerabilities), which discovered 16 new vulnerabilities in Windows, including four critical remote code execution flaws (where attackers can run commands on systems they don't own). MDASH achieved an 88.45% score on a public cybersecurity benchmark, outperforming other systems, and is currently available only through a limited private preview program.
Fix: This vulnerability is fixed in version 2.4.1.
NVD/CVE Database
Meta is testing a feature on Threads that lets users tag a Meta AI account to answer questions or provide context in conversations, similar to how people use xAI's Grok on X. However, users discovered they cannot block the Meta AI account, which has caused frustration in the community.
Fix: This vulnerability is fixed in version 1.9.0. Users should upgrade Langflow to 1.9.0 or later.
NVD/CVE Database