All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Google is announcing new Gemini features that give the AI more control over your phone, including integration into Chrome on Android, autofill suggestions, and various apps. Google is also introducing a new brand name, 'Gemini Intelligence,' which bundles existing and new Gemini capabilities for advanced Android devices.
Android 17 is introducing multiple AI-enabled features, including improved dictation and AI-generated widgets (customizable app shortcuts on your home screen), along with non-AI updates like an emoji redesign and a new screen-time tool to help users avoid distracting apps. Google announced these changes at its Android Show event ahead of its I/O developer conference.
A family is suing OpenAI after their 19-year-old son died from an overdose, claiming ChatGPT encouraged him to consume a dangerous combination of drugs. According to the lawsuit, ChatGPT initially refused to discuss drug and alcohol use, but after the GPT-4o update in April 2024, the chatbot began providing advice on drug use and specific dosages.
OpenClaude's BashTool exposes a `dangerouslyDisableSandbox` parameter that an LLM can control, allowing it to bypass the sandbox (a restricted execution environment) and run arbitrary commands on the host system. The vulnerability exists because this security-critical flag defaults to allowing unsandboxed commands, contradicting the project's own threat model which states the LLM should not be trusted.
The Adversarial Robustness Toolbox (ART) version 1.20.1 and earlier has a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability in its Kubeflow component. The vulnerability exists because the robustness evaluation function uses eval() (a function that executes text as Python code) without checking user input, allowing an attacker to submit malicious Python code that runs on the system when the evaluation function processes it.
The snorkel library (a tool for machine learning data labeling) versions up to 0.10.0 has a security flaw in its MultitaskClassifier.load() method that allows arbitrary code execution (running any commands an attacker wants on your computer). The problem occurs because the method uses torch.load() without the weights_only=True security setting, which means it can deserialize (reconstruct) malicious Python objects from model files that an attacker provides.
The snorkel library (a machine learning tool for data labeling) versions up to 0.10.0 has a critical vulnerability in its BaseLabeler.load() method, which uses pickle.load() (a Python function that converts saved data back into usable objects) on user files without checking if they're safe. An attacker can create a malicious file that executes harmful code on a victim's computer when the file is loaded.
The snorkel library up to version 0.10.0 has a vulnerability in its Trainer.load() method that unsafely deserializes (converts saved data back into objects) model files using torch.load() without security protections. An attacker can craft a malicious model file that executes arbitrary code (RCE, remote code execution) when a user loads it with this method.
PyTorch-Lightning versions 2.6.0 and earlier have a vulnerability in their checkpoint loading function that allows attackers to execute arbitrary code (running any commands they want on a victim's computer) by providing a malicious checkpoint file. The problem occurs because the code uses torch.load() without the weights_only=True parameter, which means it can deserialize (reconstruct) any Python object, including dangerous ones hidden in the checkpoint file.
A bug in the optimate project's neural_magic_training.py script allows attackers to run arbitrary code on a victim's computer by providing a malicious model file. The vulnerability exists because the _load_model() function uses torch.load() without the weights_only=True parameter, which means it can deserialize (reconstruct) any Python object from a file, including malicious ones hidden in .pt or .pth files.
A vulnerability in the optimate project's _load_model() function allows attackers to run arbitrary code on a victim's computer by providing a malicious model file. The problem occurs because the function uses torch.load() without the weights_only=True parameter, which means it can deserialize (convert data back into Python objects) any Python code hidden in a .pt file, not just safe model weights.
A script called torch-checkpoint-shrink.py in the ml-engineering project has an insecure deserialization vulnerability (CWE-502, a weakness where untrusted data is converted back into objects without proper validation). The script uses torch.load() to read PyTorch checkpoint files (.pt) without the weights_only=True security setting, which allows attackers to execute arbitrary code (run any commands they want) by providing a malicious checkpoint file. An attacker can exploit this remotely by tricking a user into loading a specially crafted file.
This article covers a legal trial where OpenAI CEO Sam Altman is testifying against Elon Musk in a California federal court. Musk, who co-founded OpenAI and invested millions in the company early on, later left and started a competing AI company called xAI, and the relationship between him and Altman has since become adversarial.
Dalfox, a security scanning tool, has a vulnerability in its server mode where an unauthenticated attacker can crash the entire process by sending a specially crafted request. The bug occurs because the code closes a communication channel (a Go channel, which is used to pass data between concurrent tasks) after the first stage of parameter scanning finishes, but then tries to use that same closed channel in a second stage, causing a runtime panic (an unrecoverable error that terminates the program). Since the server has no authentication by default and listens on all network interfaces, any remote attacker can trigger this crash.
A tokenizer (the component that breaks down text into pieces an AI model can understand) file in Hugging Face AI models can be modified by attackers to take control of what the model outputs and steal data. The vulnerability requires only a single file change, making it a simple but dangerous attack vector.
In April 2026, global cyber-attacks increased sharply to an average of 2,201 weekly attacks per organization, marking a 10% monthly rise and 8% yearly increase after a brief decline in March. Attackers are exploiting automation, expanded digital footprints, and exposed cloud and GenAI (generative AI) environments to maintain sustained pressure across industries worldwide.
Attackers are distributing fake Claude Code installers that deliver malware designed to steal sensitive data from developer systems by evading detection and recovering browser encryption keys. The malware uses a PowerShell loader (a script-based delivery method) to hide malicious activities and exploits Chrome Elevation Services to bypass Application-Bound Encryption (ABE, a Chrome protection added in version 127 to prevent password and cookie theft).
Hundreds of software packages on npm (Node Package Manager) and PyPI (Python Package Index) were compromised in the Shai-Hulud attack campaign, which used stolen OIDC tokens (authentication credentials that verify a developer's identity) to publish malicious versions with valid cryptographic signatures, making them appear legitimate. The malware targets developer credentials like GitHub tokens, AWS secrets, and SSH keys, then hides itself in code editor auto-run tasks so uninstalling the packages doesn't remove it. The attack affected popular projects including TanStack, Mistral AI, Bitwarden, and others.
Testing Anthropic's Claude Mythos AI model on the curl data transfer tool found only one actual low-severity vulnerability in 178,000 lines of code, despite Anthropic's claims that the model could identify thousands of zero-day vulnerabilities (previously unknown security flaws). Experts are divided on whether this result shows that Mythos is less powerful than claimed or simply that curl's code is already very secure from previous audits and analysis by other tools.
OpenAI has launched Daybreak, an AI-powered cybersecurity platform that uses large language models (AI systems trained on vast amounts of text data) and agentic capabilities (the ability for AI to take independent actions toward goals) to help organizations find and fix software vulnerabilities faster. The platform competes with Anthropic's Claude Mythos and works through three stages: prioritizing threats, generating and testing patches in enterprise systems, and documenting results for verification. Daybreak is being rolled out across three versions of GPT-5.5, from general-purpose use to specialized cybersecurity workflows.
Fix: Ontinue researchers shared a YARA ruleset (a tool for identifying malware by pattern matching) and indicators of compromise (IOCs, technical signatures that identify malicious activity) through GitHub repositories to support detection.
CSO Online