All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
Copy.Fail is a critical Linux kernel vulnerability that lets an attacker with basic user access escalate their privileges to root (the highest permission level) by exploiting the kernel crypto API together with the splice() system call (which moves data between file descriptors without copying it through user space). The vulnerability affects most Linux distributions, and the exploit needs no special tricks or version-specific offsets, which makes it especially dangerous in shared environments such as Kubernetes clusters and cloud servers, where many users or containers share one kernel.
Fix: The mainline fix landed on 1 April. Distros are rolling kernels out now. Patch. Additionally, a custom seccomp profile (a security filter that restricts which system calls programs can use) is needed, since Kubernetes Pod Security Standards and the default RuntimeDefault seccomp profile do not block the vulnerable syscall.
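The fix above says the RuntimeDefault profile does not block the syscall involved, but a practitioner needs a way to confirm what a given profile actually does before relying on it. The following is an added example, not code from the Copy.Fail write-up, Kubernetes, or any runtime: it evaluates an OCI/Docker-style seccomp profile for a syscall with given arguments, and ships a constructed hardened profile. The page does not name the syscall, so the hardened profile denies both interfaces the summary mentions, splice() and AF_ALG sockets (the user-space entry point to the kernel crypto API, address family 38). Both profiles here are constructed for illustration; the "default-like" one only stands in for a runtime default that allows both calls.

```python
"""Evaluate what an OCI/Docker-style seccomp profile does with a syscall.

Added example (not from the Copy.Fail write-up or Kubernetes). Profiles are
constructed; AF_ALG = 38 is the Linux address-family constant.
"""
import json

AF_ALG = 38  # socket(AF_ALG, ...) is how user space reaches the kernel crypto API

# Constructed stand-in for a runtime default: deny everything except an allow
# list, and the allow list admits socket() and splice() with no argument filter.
DEFAULT_LIKE_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "socket", "splice", "exit_group"],
         "action": "SCMP_ACT_ALLOW"},
    ],
}

# Hardened profile: same allow list, plus more specific rules that deny splice()
# outright and socket() only when arg0 (the address family) equals AF_ALG.
HARDENED_PROFILE = {
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "socket", "exit_group"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["splice"], "action": "SCMP_ACT_ERRNO", "errnoRet": 1},
        {"names": ["socket"], "action": "SCMP_ACT_ERRNO", "errnoRet": 97,
         "args": [{"index": 0, "value": AF_ALG, "op": "SCMP_CMP_EQ"}]},
    ],
}

_OPS = {
    "SCMP_CMP_EQ": lambda a, v: a == v,
    "SCMP_CMP_NE": lambda a, v: a != v,
    "SCMP_CMP_LT": lambda a, v: a < v,
    "SCMP_CMP_LE": lambda a, v: a <= v,
    "SCMP_CMP_GT": lambda a, v: a > v,
    "SCMP_CMP_GE": lambda a, v: a >= v,
}


def _arg_matches(cmp, args):
    """One argument comparison from a rule, checked against the call's args."""
    idx = cmp["index"]
    if idx >= len(args):
        return False
    op = cmp["op"]
    if op not in _OPS:
        raise ValueError(f"unsupported comparison {op}")
    return _OPS[op](args[idx], cmp["value"])


def effective_action(profile, syscall, args=()):
    """Action the profile applies to syscall(*args).

    Model of libseccomp's behaviour: every rule naming the syscall whose argument
    comparisons all hold is a candidate, and the most specific candidate (the one
    with the most comparisons) wins, so an arg-filtered ERRNO rule overrides a
    bare ALLOW for the same syscall. With no candidate, defaultAction applies.
    """
    best = None
    for rule in profile["syscalls"]:
        if syscall not in rule["names"]:
            continue
        cmps = rule.get("args", [])
        if all(_arg_matches(c, args) for c in cmps):
            if best is None or len(cmps) > len(best.get("args", [])):
                best = rule
    return best["action"] if best else profile["defaultAction"]


def blocks_copy_fail_surface(profile):
    """True when the profile denies both splice() and socket(AF_ALG, ...)."""
    splice_ok = effective_action(profile, "splice", (3, 0, 4, 0, 4096, 0)) == "SCMP_ACT_ALLOW"
    alg_ok = effective_action(profile, "socket", (AF_ALG, 5, 0)) == "SCMP_ACT_ALLOW"
    return not splice_ok and not alg_ok


def profile_json(profile):
    """Serialise for use as a Kubernetes seccompProfile of type Localhost."""
    return json.dumps(profile, indent=2)


if __name__ == "__main__":
    for name, prof in (("default-like", DEFAULT_LIKE_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(f"{name}: blocks Copy.Fail surface = {blocks_copy_fail_surface(prof)}")
    print(profile_json(HARDENED_PROFILE))
```

Write the hardened JSON under the kubelet's seccomp root (by default `/var/lib/kubelet/seccomp/`) and reference it from the pod's `securityContext.seccompProfile` with `type: Localhost` and `localhostProfile` set to that relative path; `type: RuntimeDefault` selects the runtime's own profile, which is the one the fix says does not help. Denying splice() will break workloads that legitimately use it, so run the checker against your real runtime profile and test the hardened one on a canary before rolling it out fleet-wide.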
(Source: Schneier on Security)

Over 170 packages in the popular NPM and PyPI repositories (code libraries that developers pull into their own projects) were compromised by the hacking group TeamPCP in a coordinated attack, including packages from TanStack, UiPath, and Mistral AI. The malware (malicious software) stole sensitive information such as API keys (credentials for accessing services), developer tokens, and cryptocurrency wallets, then tried to spread by using stolen GitHub tokens to publish infected versions of other packages. This was a software supply chain attack (compromising the tools and processes used to build and distribute software): the attackers exploited three security weaknesses in GitHub Actions (automated workflows for building and releasing code) to bypass security checks and make the malicious packages appear legitimate.
TeamPCP compromised multiple popular software packages (from companies such as TanStack, Mistral AI, and Guardrails AI) by injecting malicious code that steals credentials for cloud services, cryptocurrency wallets, and development tools. The attackers abused SLSA provenance (build attestations meant to prove that a package was built from its published source by a trusted pipeline) so that the malicious packages carried provenance that made them look legitimate, and the malware persists by modifying development tools such as VS Code so that it runs every time the tool starts.
Linux kernel maintainers are proposing a 'kill switch' that would let system administrators disable a vulnerable function in the OS kernel (the core software that manages hardware and system resources) until a patch for a zero-day vulnerability (a previously unknown security flaw) is ready. The proposal aims to protect servers during the gap between when a vulnerability is discovered and when a patched kernel can be built, tested, and restarted on systems, though security experts debate whether this approach is practical or creates new risks.
NVIDIA engineers and researchers use Codex, an AI coding tool built on GPT-5.5, to automate complex engineering tasks and machine learning research workflows. The tool can work autonomously for long sessions, finding bugs and writing code that earlier models couldn't, and has enabled teams to build production systems and run experiments much faster than before. Codex integrates with remote infrastructure (SSH, or secure shell protocol, which lets users securely connect to distant computers) and can even test its own code as it's being built.
AutoScout24 Group, a large European and Canadian online car marketplace, implemented AI tools like ChatGPT and Codex (an AI coding assistant) across its 2,000 employees to speed up software development and improve code quality. By embedding Codex directly into engineering workflows and creating an "AI Champions" network for knowledge sharing, the company reduced development timelines from 2-3 weeks to 2-3 days for some projects while maintaining reliability.
DeepChat, an open-source AI platform combining models, tools, and agents, has a vulnerability in versions before v1.0.4-beta.1 that allows remote code execution (RCE, where an attacker can run commands on a system they don't own). An attacker can use a malicious link in Markdown or a compromised AI endpoint to bypass security checks and execute arbitrary commands by exploiting unprotected pop-up window handlers in the application.
Thinking Machines, an AI company founded by former OpenAI CTO Mira Murati, is developing 'interaction models' that can process audio, video, and text simultaneously and respond in real time, unlike current AI models that wait passively for users to finish typing or speaking before responding.
Google's security team reported that it stopped hackers from using AI models to find and exploit a zero-day vulnerability (a software flaw unknown to developers) as part of a planned large-scale attack that would have bypassed two-factor authentication (a security method using two verification steps). The incident highlights a growing concern that criminals are using available AI tools to discover software weaknesses in ways that could harm companies and organizations.
A weakness was found in aiwaves-cn agents (software components that perform tasks autonomously) that allows attackers to consume excessive resources on a system, potentially making it slow or unavailable. The vulnerability is in a function called recall_relevant_memories_to_working_memory and can be exploited remotely (from a distance over a network), with the exploit code now publicly available. The developers have been notified but have not yet responded or released a fix.
SOCFortress CoPilot, a security operations management tool, has a critical flaw in versions before 0.1.57: it falls back to a hardcoded JWT signing secret (a fixed key baked into the source code and used to sign authentication tokens). If the operator does not set JWT_SECRET, the application silently uses this publicly known secret, so anyone who reads it from the code can forge an admin token and take complete control without real credentials. The flaw is fixed in version 0.1.57.
MLflow versions 3.9.0 and earlier contain a vulnerability where unauthenticated attackers can read arbitrary files from a server by exploiting a flaw in the `_create_model_version()` handler (a function that processes requests to create new model versions). An attacker can trick the system into storing any file path from the server's filesystem by using a special tag in their request, and then retrieve those files through a different function that doesn't properly check permissions.
OpenAI's Chief Revenue Officer announced that enterprise AI adoption is reaching a 'tipping point' and introduced a new Deployment Company to accelerate business adoption of AI technology. The company acquired Tomoro, an AI consulting firm, bringing about 150 forward-deployed engineers (specialists who work directly with clients to integrate AI into their business processes) who will help organizations understand their workflows and implement AI solutions.
A developer demonstrated how to use an LLM (large language model) directly in the shebang line (the first line of a script that tells the system how to run it) of executable text files, so that scripts can be written as natural English prompts instead of traditional code. The approach uses the LLM command-line tool (`llm`) with various options to generate outputs such as SVG images, call external tools, and even load YAML templates that define custom Python functions.
Flowise, a tool for building customized AI workflows through a visual interface, has a vulnerability in versions before 3.1.0: four of its tools bypass the project's security protections by calling raw HTTP clients (libraries for making web requests) directly instead of going through the secured wrapper. This lets an authenticated attacker make the server issue requests to destinations of the attacker's choosing (SSRF, server-side request forgery).
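The Flowise entry turns on the difference between a raw client call and a secured wrapper. What follows is an added example, not Flowise's wrapper or any of its tools, showing what such a wrapper has to check: scheme, embedded credentials, and every address the host resolves to, rejecting loopback, private, link-local (cloud metadata) and similar ranges, with redirects disabled so a public host cannot bounce the request inward. The resolver is injectable, and the DNS table used by the demo is constructed, so the checks run offline.

```python
"""SSRF guard: validate the destination before an outbound request.

Added example, not Flowise's code. FAKE_DNS is a constructed lookup table used
only for the offline demo; production code passes system_resolver.
"""
import ipaddress
import socket
import urllib.request
from typing import Callable, List
from urllib.parse import urlsplit

Resolver = Callable[[str], List[str]]

# Ranges an agent tool must never reach: "this host", RFC 1918, CGNAT, loopback,
# link-local (169.254.169.254 is the cloud metadata service), multicast,
# reserved, and their IPv6 counterparts. IPv4-mapped IPv6 is unwrapped below.
_BLOCKED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class UnsafeTarget(ValueError):
    pass


def system_resolver(host: str) -> List[str]:
    """Real DNS lookup. getaddrinfo also normalises odd numeric forms such as
    '2130706433' or '0x7f000001' to 127.0.0.1, so they land in the block list."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_blocked(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr in net for net in _BLOCKED)


def check_target(url: str, resolve: Resolver = system_resolver) -> str:
    """Validate scheme, host and all resolved addresses; return the first IP."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeTarget(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise UnsafeTarget("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeTarget("missing host")
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal address, no lookup
    except ValueError:
        ips = resolve(host)
    if not ips:
        raise UnsafeTarget(f"{host} does not resolve")
    # Every answer must be safe: a mixed answer set (one public, one internal
    # address) is how round-robin and rebinding tricks slip past a single check.
    bad = [ip for ip in ips if _is_blocked(ip)]
    if bad:
        raise UnsafeTarget(f"{host} resolves to blocked address(es) {bad}")
    return ips[0]


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface redirects as HTTPError instead of following them


def guarded_get(url: str, resolve: Resolver = system_resolver,
                timeout: float = 5.0, max_bytes: int = 1 << 20) -> bytes:
    """The secured-wrapper pattern: validate, then fetch without redirects."""
    check_target(url, resolve)
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read(max_bytes)


def raw_get(url: str) -> bytes:
    """The pattern the advisory describes: a raw client call with no validation."""
    with urllib.request.urlopen(url, timeout=5.0) as resp:
        return resp.read()


# Constructed DNS answers for the offline demo (203.0.113.0/24 and 2001:db8::/32
# are documentation ranges, so "public" here means "not in _BLOCKED").
FAKE_DNS = {
    "api.example.com": ["203.0.113.10"],
    "v6.example": ["2001:db8::1"],
    "internal.corp": ["10.1.2.3"],
    "evil.example": ["203.0.113.5", "127.0.0.1"],
    "localhost": ["127.0.0.1"],
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for url in ("https://api.example.com/v1", "http://evil.example/",
                "http://169.254.169.254/latest/meta-data/", "http://[::ffff:10.0.0.1]/"):
        try:
            print("allow", url, "->", check_target(url, fake_resolver))
        except UnsafeTarget as err:
            print("deny ", url, "->", err)
```

One caveat a wrapper like this cannot fix on its own: DNS can change between check_target() and the connect, so a fully rebinding-proof client connects to the validated IP and sends the original host name in the Host header (or TLS SNI) rather than resolving again. Any tool that opens its own client, as the four Flowise tools did, skips all of this regardless of how good the wrapper is.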
Go's built-in fuzzing tool (a technique that tests software by feeding it random or semi-random inputs to find bugs) was missing key features available in other languages like Rust and C++, so researchers built gosentry, a modified version of the Go toolchain that adds stronger bug detection, grammar-based fuzzing (testing structured inputs like parsers), and coverage reports while keeping the same familiar interface. Gosentry detects bugs that vanilla Go fuzzing misses, including integer overflows (when numbers get too large for their storage), data races (when multiple threads access the same data unsafely), and goroutine leaks (abandoned lightweight threads), without requiring developers to rewrite existing fuzzing tests.
Fix: Use gosentry instead of Go's standard fuzzer: point existing Go fuzz harnesses at gosentry's binary and run them with new CLI flags like --catch-races=true and --catch-leaks=true to enable additional bug detection. For example: ./bin/go test -fuzz=FuzzHarness --focus-on-new-code=false --catch-races=true --catch-leaks=true. Gosentry also supports generating coverage reports from existing fuzzing campaigns with the --generate-coverage flag, and the --panic-on flag can make the fuzzer stop when specific functions like log.Fatal are called.
(Source: Trail of Bits Blog)

Agentic AI (AI systems that can independently execute tasks and take actions) is already running in many organizations without security teams fully understanding it, creating a significant security gap. Security professionals cannot effectively protect technology they don't understand, and teams that lack fluency in agentic AI are being bypassed by business units moving forward without their input. The article identifies three main categories of agentic AI risk: general-purpose coding agents (like GitHub Copilot), vendor-built agents using MCP (Model Context Protocol, which allows agents to connect to external services), and custom agents built by non-technical users, each requiring different security considerations.
CISOs (Chief Information Security Officers, the top security leaders at companies) are taking on increasingly important roles as AI becomes central to business operations and security threats grow. Companies like Brown & Brown and PayPal are addressing AI risks by creating AI security frameworks and governance structures that require security reviews before any AI tool is deployed, ensuring AI is used safely and responsibly.
Fix: According to the source, companies should implement AI security frameworks that require security reviews before deploying any AI capability. These frameworks should evaluate AI use cases against security requirements, data sensitivity, operational risk, and business impact. Additionally, organizations should establish AI Governance Working Groups (as Brown & Brown has done) to perform AI risk assessments and ensure AI is fit for purpose and used responsibly.
(Source: CSO Online)

OpenAI launched Daybreak, a new tool that uses AI models to help organizations find and fix software vulnerabilities before attackers can exploit them. Daybreak combines OpenAI's AI capabilities with Codex Security to automate tasks like code review, threat modeling, and patch validation. However, the article notes that AI tools have created a problem where vulnerabilities are discovered faster than developers can fix them, leading to 'triage fatigue' (where maintainers get overwhelmed sorting through many vulnerability reports, some of which may be false alarms generated by AI).
Fix: According to the source, Daybreak addresses the remediation bottleneck by incorporating 'patch validation' and 'remediation guidance into the everyday development loop so software becomes more resilient from the start.' Additionally, the text states that 'companies like Anthropic, Google, and OpenAI have increasingly positioned AI security agents as a new operational layer to address the remediation bottleneck and safeguard digital infrastructure from potential exploitation.' However, no specific technical steps or implementation details are provided in the source text.
(Source: The Hacker News)

Fix (for the Linux kernel 'kill switch' proposal above): The proposed mitigation, as described by Sasha Levin, is: 'for many such issues, the simplest mitigation is to stop calling the buggy function.' Levin suggests that 'the cost of this socket family stops working for the day is much smaller than the cost of running a known vulnerable kernel until the fix lands.' A proposed version of a kernel kill switch has been provided by Levin and a colleague, though the source does not detail the technical implementation of this kill switch.
(Source: CSO Online)

Fix (DeepChat): Update DeepChat to v1.0.4-beta.1 or later, where this vulnerability is fixed.
(Source: NVD/CVE Database)

OpenAI launched Daybreak, an AI security initiative designed to find and fix vulnerabilities (weaknesses in software that attackers could exploit) before attackers discover them. Daybreak uses the Codex Security AI agent to analyze an organization's code, identify potential attack paths (ways an attacker could compromise the system), and automatically detect high-risk vulnerabilities.
Fix (SOCFortress CoPilot): Update SOCFortress CoPilot to version 0.1.57 or later, where this vulnerability is fixed.
(Source: NVD/CVE Database)

Fix (MLflow): This issue is fixed in version 3.10.0.
(Source: NVD/CVE Database)

Fix (Flowise): Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.
(Source: NVD/CVE Database)