aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Maintained by Truong (Jack) Luu, Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6223 items

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

high | news | security
May 11, 2026

A fake AI model repository on Hugging Face (a platform for sharing AI models) impersonated OpenAI's Privacy Filter and tricked 244,000 users into downloading it before removal. The malicious repository contained a loader.py file that delivered infostealer malware (software that steals passwords and credentials) to Windows systems, highlighting risks in how companies source and validate AI models from public repositories.

Source: CSO Online

A dual-branch image tampering detection model based on noise and anomalous features

info | research | Peer-Reviewed | research
May 11, 2026

Researchers have developed a dual-branch image tampering detection model that uses two parallel processing paths to identify when images have been altered or forged. The model analyzes both noise patterns (statistical irregularities in pixel data) and anomalous features (unexpected or out-of-place patterns) to detect tampering, offering a more comprehensive approach than methods that examine only one type of indicator.

Source: Elsevier Security Journals

10 questions to ask when using AI models to find vulnerabilities

info | regulatory | policy, security
May 11, 2026

This article presents ten critical questions organizations should ask before using AI models to find vulnerabilities in their systems. Rather than offering a specific technical fix, it emphasizes that simply finding vulnerabilities doesn't improve security without proper processes, prioritization, and risk management in place. Key concerns include data leakage risks, whether AI is truly the best approach compared to basic security hygiene like patching, and ensuring your organization has the people and processes to actually fix discovered issues.

Source: UK NCSC

OpenAI to give EU access to new cyber model but Anthropic still holding out on Mythos

info | news | policy, security
May 11, 2026

OpenAI announced it will give the European Union access to GPT-5.5-Cyber, a specialized AI model designed for cybersecurity defense, while Anthropic has not yet granted similar access to its competing model called Mythos. The EU plans to review OpenAI's model closely to address security concerns, though discussions with Anthropic about accessing Mythos are still at an earlier stage.

Source: CNBC Technology

LLMs and Text-in-Text Steganography

info | news | security, research
May 11, 2026

This blog discussion explores steganography (hiding secret messages within other content) involving LLMs through techniques like white text on white backgrounds and deliberately misspelling words to confuse AI models. Commenters note that LLMs handle these obfuscation attempts easily, and discuss broader steganography methods including TEMPEST (electromagnetic emissions security), with mention that modern software-defined radios (SDRs, affordable radio receivers programmable via software) have made older defensive techniques less effective.

Source: Schneier on Security

AI security is repeating endpoint security's biggest mistake

info | news | security, policy
May 11, 2026

AI security is currently focused on posture-based controls (checking configurations, access rules, and input filters), similar to how endpoint security relied on antivirus signatures in the early 2000s, but this approach is incomplete because the AI attack surface is expanding faster than teams can secure it. The article argues that organizations need to shift toward behavior-based detection, which monitors what AI systems actually do (API calls, data retrieval, system actions) rather than just checking if security policies are in place, because the blast radius of a compromised AI agent affects multiple systems downstream.

Source: CSO Online

OpenAI Campus Network: Student club interest form

info | news | industry
May 11, 2026

This is an interest form from OpenAI for university student clubs to join their Campus Network program. The form collects information about the club's activities, current use of AI tools, and what kinds of support or opportunities the club members are interested in exploring.

Source: OpenAI Blog

8 guiding principles for reskilling the SOC for agentic AI

info | news | industry, policy
May 11, 2026

This article discusses how security leaders should prepare their teams for agentic AI (AI systems that can autonomously perform tasks), emphasizing that it will become essential as cyber attackers increasingly use AI at machine speed. Key principles include having leaders embrace agentic AI adoption through hands-on experimentation and training, setting organizational culture around rapid iteration, and addressing staff resistance to the technology shift.

Source: CSO Online

1,800+ MCP servers exposed without authentication: How zero trust can secure the AI agent revolution

high | news | security
May 11, 2026

Over 1,800 MCP servers (Model Context Protocol servers, tools that connect AI assistants to external systems) are publicly exposed without requiring authentication, meaning anyone can see what internal tools an organization has connected to their AI. Security researchers found that production systems with access to financial databases, social media accounts, and customer data are vulnerable to attacks like EchoLeak (a zero-click exploit that hides malicious instructions in documents) and mcp-remote (a supply chain attack using a widely-downloaded package with a command injection vulnerability).

Source: CSO Online

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

high | news | security
May 11, 2026

A fake repository on Hugging Face (a platform for sharing AI models) impersonated OpenAI's Privacy Filter model and tricked 244,000 users into downloading malware disguised as a legitimate tool. The malicious repository copied the real project's description verbatim and included a loader script that deployed an information stealer, a type of malware that harvests sensitive data like passwords, screenshots, and cryptocurrency wallet information from Windows machines.

Fix: Access to the malicious model has since been disabled by Hugging Face.

Source: The Hacker News

OpenAI launches DeployCo to help businesses build around intelligence

info | news | industry
May 11, 2026

OpenAI is launching the OpenAI Deployment Company, a new business unit staffed with Forward Deployed Engineers (FDEs, specialists in integrating AI systems into organizations) to help businesses build and deploy AI technology across their operations. The company, backed by $4 billion in initial investment and partnerships with major investment firms and consulting companies, acquired Tomoro to bring approximately 150 experienced FDEs on board and aims to help organizations redesign workflows and infrastructure around AI to achieve measurable results.

Source: OpenAI Blog

Hackers abuse Google ads, Claude.ai chats to push Mac malware

high | news | security
May 10, 2026

Attackers are running a malware campaign that uses Google Ads and fake Claude.ai shared chats to trick Mac users searching for Claude into downloading malware. The malicious chats pretend to be official installation guides and trick users into pasting commands in Terminal that download and run hidden malware, which steals browser passwords, cookies, and data from macOS Keychain (the system that stores passwords and sensitive information on Macs).

Source: BleepingComputer

Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak

critical | news | security
May 10, 2026

Ollama, a popular framework for running large language models locally, has a critical out-of-bounds read vulnerability (CVE-2026-7482, CVSS score 9.1) that allows attackers to leak sensitive data like API keys and conversation history from process memory by uploading a specially crafted GGUF file (a file format for storing language models). The vulnerability affects versions before 0.17.1 and potentially impacts over 300,000 servers globally.

Fix: Update to Ollama version 0.17.1 or later. Additionally, the source recommends: limit network access to Ollama instances, audit running instances for internet exposure, isolate and secure them behind a firewall, and deploy an authentication proxy or API gateway in front of all Ollama instances since the REST API does not provide authentication by default.

Source: The Hacker News

Adaptive active-defense hardening of ML-based NIDS against RL-driven adversaries: A comparative analysis with static defenses

info | research | Peer-Reviewed | security, research
May 10, 2026

This research paper examines how machine learning-based network intrusion detection systems (NIDS, software that identifies unauthorized access attempts) can use adaptive active-defense hardening to protect themselves against reinforcement learning (RL, a type of AI that learns by trial-and-error) driven attacks. The study compares this dynamic defense approach with traditional static defenses (fixed security measures that don't change).

Source: Elsevier Security Journals

SBOMs into Agentic AIBOMs: Schema Extensions, Agentic Orchestration and Reproducibility Evaluation

info | research | Peer-Reviewed | research
May 9, 2026

This academic paper discusses extending SBOMs (Software Bill of Materials, a detailed list of all software components in a program) to create AIBOMs for agentic AI systems (AI systems that can take independent actions). The research focuses on adding new schema extensions (structured data formats) to track AI agent components, improving how these systems can be orchestrated (coordinated and controlled), and developing methods to evaluate whether AI systems produce consistent, reproducible results.

Source: ACM Digital Library (TOPS, DTRAP, CSUR)

Blockchain-PUF based two-factor authentication and key agreement scheme in IoV

info | research | Peer-Reviewed | security
May 9, 2026

This research paper proposes a security method for IoV (Internet of Vehicles, where cars connect to networks) that combines blockchain (a distributed ledger technology that creates permanent, tamper-resistant records) with PUF (physical unclonable functions, unique fingerprints derived from hardware that are hard to fake) to create a two-factor authentication and key agreement scheme. The approach aims to improve security for vehicle communication and data exchange in connected car systems.

Source: Elsevier Security Journals

DV2PDA: Decentralized and verifiable privacy-preserving data aggregation scheme for IIoT

info | research | Peer-Reviewed | security
May 9, 2026

Researchers proposed DV2PDA, a new method for collecting data from Industrial Internet of Things devices (IIoT, networks of sensors and machines in factories) while protecting privacy and ensuring the data hasn't been tampered with. The scheme uses decentralization (spreading control across multiple computers instead of one central server) and verification (checking that data is authentic) to let organizations aggregate information from many devices without exposing individual sensitive details.

Source: Elsevier Security Journals

QAEAS: A quantum adaptive ensemble attack system against robust deep neural networks

info | research | Peer-Reviewed | security, research
May 9, 2026

Researchers have developed QAEAS, a quantum adaptive ensemble attack system that can break through the defenses of robust deep neural networks (AI systems trained to resist attacks). The system uses quantum computing techniques combined with multiple coordinated attack strategies to find weaknesses in AI models that were designed to be resistant to traditional hacking methods.

Source: Elsevier Security Journals

What I saw at the Musk-OpenAI trial: petty billionaires, protests and a stern judge

info | news | policy
May 9, 2026

This article describes a legal trial between Elon Musk and OpenAI's leadership taking place in Oakland, focusing on disputes over the future of artificial intelligence. The piece is a journalistic account of the courtroom drama, featuring prominent tech figures and highlighting tensions between wealthy individuals and companies in the AI industry.

Source: The Guardian Technology

Fake OpenAI repository on Hugging Face pushes infostealer malware

high | news | security
May 9, 2026

A fake OpenAI repository on Hugging Face (a platform where developers share AI models and code) disguised itself as a legitimate project and tricked users into downloading a malicious loader script that steals sensitive data like passwords, cryptocurrency wallets, and browser cookies. The fake repository reached the top of Hugging Face's trending list with 244,000 downloads before the platform removed it after researchers reported the threat.

Fix: Users who downloaded files from the malicious repository are advised to reimage the machine (completely reinstall the operating system), rotate all stored credentials, replace cryptocurrency wallets and seed phrases, and invalidate browser sessions and tokens.

Source: BleepingComputer