All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
CISOs (Chief Information Security Officers, the top security leaders at companies) are taking on increasingly important roles as AI becomes central to business operations and security threats grow. Companies like Brown & Brown and PayPal are addressing AI risks by creating AI security frameworks and governance structures that require security reviews before any AI tool is deployed, ensuring AI is used safely and responsibly.
Fix: According to the source, companies should implement AI security frameworks that require security reviews before deploying any AI capability. These frameworks should evaluate AI use cases against security requirements, data sensitivity, operational risk, and business impact. Additionally, organizations should establish AI Governance Working Groups (as Brown & Brown has done) to perform AI risk assessments and ensure AI is fit for purpose and used responsibly.
Source: CSO Online
TeamPCP compromised multiple popular software packages (from companies like TanStack, Mistral AI, and Guardrails AI) by injecting malicious code that steals credentials for cloud services, cryptocurrency wallets, and development tools. The attack abused SLSA provenance (a framework for attesting that software was built securely) to make the malicious packages look legitimately built, and the malware persists by modifying development tools such as VS Code so that it runs every time the tool starts.
Linux kernel maintainers are proposing a 'kill switch' that would let system administrators disable a vulnerable function in the OS kernel (the core software that manages hardware and system resources) until a patch for a zero-day vulnerability (a previously unknown security flaw) is ready. The proposal aims to protect servers during the gap between when a vulnerability is discovered and when a patched kernel can be built, tested, and rebooted into on production systems, though security experts debate whether this approach is practical or creates new risks.
NVIDIA engineers and researchers use Codex, an AI coding tool built on GPT-5.5, to automate complex engineering tasks and machine learning research workflows. The tool can work autonomously for long sessions, finding bugs and writing code that earlier models couldn't, and has enabled teams to build production systems and run experiments much faster than before. Codex integrates with remote infrastructure (over SSH, the secure shell protocol, which lets users securely connect to remote machines) and can even test its own code as it's being built.
AutoScout24 Group, a large European and Canadian online car marketplace, implemented AI tools like ChatGPT and Codex (an AI coding assistant) across its 2,000 employees to speed up software development and improve code quality. By embedding Codex directly into engineering workflows and creating an "AI Champions" network for knowledge sharing, the company reduced development timelines from 2-3 weeks to 2-3 days for some projects while maintaining reliability.
DeepChat, an open-source AI platform combining models, tools, and agents, has a vulnerability in versions before v1.0.4-beta.1 that allows remote code execution (RCE, where an attacker can run commands on a system they don't own). An attacker can use a malicious link in Markdown or a compromised AI endpoint to bypass security checks and execute arbitrary commands by exploiting unprotected pop-up window handlers in the application.
Thinking Machines, an AI company founded by former OpenAI CTO Mira Murati, is developing 'interaction models' that can process audio, video, and text simultaneously and respond in real time, unlike current AI models that wait passively for users to finish typing or speaking before responding.
Google's security team reported that it stopped hackers from using AI models to find and exploit a zero-day vulnerability (a software flaw unknown to developers) as part of a planned large-scale attack that would have bypassed two-factor authentication (a security method using two verification steps). The incident highlights a growing concern that criminals are using available AI tools to discover software weaknesses in ways that could harm companies and organizations.
A weakness was found in aiwaves-cn agents (software components that perform tasks autonomously) that allows attackers to consume excessive resources on a system, potentially making it slow or unavailable. The vulnerability is in a function called recall_relevant_memories_to_working_memory and can be exploited remotely (over a network, without local access), and exploit code is now publicly available. The developers have been notified but have not yet responded or released a fix.
SOCFortress CoPilot, a security operations management tool, has a critical flaw in versions before 0.1.57 where it falls back to a hardcoded JWT signing secret (a fixed key embedded in the source code that is used to sign authentication tokens). If users don't set their own JWT_SECRET, the application uses this publicly known secret, allowing attackers to forge admin tokens and take complete control without needing real credentials. This vulnerability is fixed in version 0.1.57.
MLflow versions 3.9.0 and earlier contain a vulnerability where unauthenticated attackers can read arbitrary files from a server by exploiting a flaw in the `_create_model_version()` handler (a function that processes requests to create new model versions). By supplying a special tag in the request, an attacker can make the server record any path on its own filesystem as a model location, and then retrieve those files through a separate download function that doesn't properly check permissions.
OpenAI's Chief Revenue Officer announced that enterprise AI adoption is reaching a 'tipping point' and introduced a new Deployment Company to accelerate business adoption of AI technology. The company acquired Tomoro, an AI consulting firm, bringing about 150 forward-deployed engineers (specialists who work directly with clients to integrate AI into their business processes) who will help organizations understand their workflows and implement AI solutions.
A developer demonstrated how to use an LLM (large language model) directly in the shebang line (the first line of a script that tells the system how to run it) of executable text files, allowing scripts to be written as natural English prompts instead of traditional code. The approach uses the LLM tool with various options to generate outputs like SVG images, incorporate external tools, and even execute YAML templates that define custom Python functions.
Flowise, a tool for building customized AI workflows through a visual interface, has a vulnerability in versions before 3.1.0 where four specific tools bypass security protections by directly using raw HTTP clients (libraries for making web requests) instead of the secured wrapper. This could allow authenticated attackers to make unauthorized requests from the server (SSRF, or server-side request forgery).
MLflow versions before 3.9.0 contain an SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making requests to unintended targets) in the webhook creation function. An authenticated attacker can provide a malicious URL that causes MLflow's backend to send HTTP requests to internal services, cloud credential systems, or external servers, potentially exposing sensitive data or accessing restricted networks.
Microsoft CEO Satya Nadella testified in a lawsuit that Elon Musk never contacted him about concerns that Microsoft's investments in OpenAI violated any agreements or commitments. Musk sued OpenAI and its leaders in 2024, claiming they abandoned the company's nonprofit mission, and he alleges Microsoft's $13 billion in investments to OpenAI helped enable this breach of charitable trust. Nadella stated that Microsoft's investments were commercial partnerships with clear business benefits, not donations, and that he believed the company acted appropriately.
The flash-attention training framework has a vulnerability in how it loads saved model checkpoints (snapshots of a model's learned weights). An attacker can hide malicious code inside a checkpoint file, and when someone loads that file using the `load_checkpoint()` function, the code runs automatically on their computer without permission.
CosyVoice, a text-to-speech framework, has an insecure deserialization vulnerability (CWE-502, a weakness where untrusted data is converted back into executable objects) in how it loads model files. The vulnerability exists because the code uses torch.load() without the weights_only=True security setting, allowing attackers to execute arbitrary code (malicious instructions) on a victim's computer by tricking them into loading a specially crafted model file through the CosyVoice Web UI.
OpenAI launched Daybreak, a new tool that uses AI models to help organizations find and fix software vulnerabilities before attackers can exploit them. Daybreak combines OpenAI's AI capabilities with Codex Security to automate tasks like code review, threat modeling, and patch validation. However, the article notes that AI tools have created a problem where vulnerabilities are discovered faster than developers can fix them, leading to 'triage fatigue' (where maintainers get overwhelmed sorting through many vulnerability reports, some of which may be false alarms generated by AI).
Fix: According to the source, Daybreak addresses the remediation bottleneck by incorporating 'patch validation' and 'remediation guidance into the everyday development loop so software becomes more resilient from the start.' Additionally, the text states that 'companies like Anthropic, Google, and OpenAI have increasingly positioned AI security agents as a new operational layer to address the remediation bottleneck and safeguard digital infrastructure from potential exploitation.' However, no specific technical steps or implementation details are provided in the source text.
Source: The Hacker News
Fix: The proposed mitigation, as described by Sasha Levin, is: 'for many such issues, the simplest mitigation is to stop calling the buggy function.' Levin suggests that 'the cost of this socket family stops working for the day is much smaller than the cost of running a known vulnerable kernel until the fix lands.' A proposed version of a kernel kill switch has been provided by Levin and a colleague, though the source does not detail the technical implementation of this kill switch.
Source: CSO Online
Fix: Update DeepChat to v1.0.4-beta.1 or later, where this vulnerability is fixed.
Source: NVD/CVE Database
OpenAI launched Daybreak, an AI security initiative designed to find and fix vulnerabilities (weaknesses in software that attackers could exploit) before attackers discover them. Daybreak uses the Codex Security AI agent to analyze an organization's code, identify potential attack paths (ways an attacker could compromise the system), and automatically detect high-risk vulnerabilities.
Fix: Update SOCFortress CoPilot to version 0.1.57 or later, where this vulnerability is fixed.
Source: NVD/CVE Database
Fix: This issue is fixed in version 3.10.0.
Source: NVD/CVE Database
Fix: Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.
Source: NVD/CVE Database