All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.
IBM Langflow Desktop versions 1.2.0 through 1.8.4 has a path traversal vulnerability (CVE-2026-4502) that allows an authenticated attacker to write arbitrary files on a system by sending specially crafted URL requests with "dot dot" sequences (/../, which move up directory levels). This affects users who are already logged into the application.
IBM Langflow Desktop versions 1.6.0 through 1.8.4 has a stored cross-site scripting vulnerability (XSS, a flaw where an attacker can inject malicious code that gets saved and executed in a web interface). An authenticated user can embed JavaScript code in the Web UI, which could alter how the application works and potentially expose user credentials to attackers who access the same session.
IBM Langflow Desktop versions 1.0.0 through 1.8.4 have a vulnerability called SSRF (server-side request forgery, where an attacker tricks the server into making requests it shouldn't). An authenticated attacker (someone with login access) could exploit this to send unauthorized requests from the system, potentially discovering network information or launching additional attacks.
Elon Musk testified in his lawsuit against Sam Altman and OpenAI, with a judge interrupting his discussion about AI risks during cross-examination. The trial is revealing private communications about OpenAI's creation and will include testimony from other tech industry leaders about the conflict between Musk and Altman.
Bluekit is a phishing kit (a pre-built toolkit that helps attackers create fake login pages to steal credentials) that includes over 40 templates targeting popular services like Gmail, iCloud, and GitHub, plus an AI assistant panel supporting models like GPT-4.1 and Claude to help cybercriminals draft phishing emails. The kit integrates domain registration, phishing page setup, campaign management, and real-time victim monitoring into one interface, making it accessible to less-skilled attackers. While the AI-generated outputs are currently basic and require manual cleanup, the platform is under active development and receiving frequent updates, suggesting it will likely become more widely adopted.
OpenTelemetry's disk retry feature for OTLP (OpenTelemetry Protocol, a standard format for sending telemetry data) had a security flaw where it stored temporary blob files (serialized data chunks) in a shared system temp directory accessible to other user accounts on multi-user systems. This allowed attackers to inject fake telemetry data, read sensitive telemetry information, or cause performance problems by filling the directory with large files.
A security flaw in n8n-mcp's URL validation allowed attackers to bypass SSRF (server-side request forgery, where an attacker tricks a server into making unwanted requests) protections using IPv4-mapped IPv6 addresses like `http://[::ffff:169.254.169.254]`. This could let an attacker who controls the `n8nApiUrl` input force the server to request sensitive data from cloud metadata endpoints, private networks, or localhost services, and the responses would be returned to the attacker along with API credentials.
OpenAI launched Advanced Account Security, an optional protection feature for high-risk ChatGPT and Codex users like journalists and dissidents that replaces passwords with physical security keys or passkeys to prevent account takeover attacks (when someone gains unauthorized access to an account). The feature also uses recovery keys instead of email/SMS for account recovery, enforces shorter login sessions, and sends alerts on sign-ins, making it much harder for attackers to breach accounts through phishing (tricking users into revealing login credentials) or social engineering (manipulating support staff).
Jupyter Notebook has a stored XSS (cross-site scripting, a type of attack where malicious code runs in a user's browser when they view a webpage or file) vulnerability that lets attackers steal authentication tokens (credentials that prove who you are) by tricking users into clicking fake controls in malicious notebook files. An attacker who steals these tokens can take over a user's account, read files, run code, and access the system.
Gemini, a crypto exchange, received approval from the U.S. Commodity Futures Trading Commission (CFTC, the federal agency that regulates futures and derivatives) to operate its own regulated derivatives clearinghouse, allowing it to process trades internally rather than through outside services. This approval enables Gemini to expand into prediction markets (betting platforms where users forecast future events) and perpetual futures (leveraged contracts that never expire), giving the company more control over these products and potentially more stable revenue streams.
Google is updating vehicles equipped with Google built-in to replace their current Google Assistant with Gemini, a more advanced AI assistant. The upgrade will be available to both new and existing vehicles through a software update, offering improvements in natural conversations, vehicle information retrieval, and settings adjustments.
Microsoft and OpenAI have restructured their business partnership, with the key change allowing OpenAI to offer its products and services through multiple cloud providers (computing platforms that deliver software and services over the internet) instead of being limited to Microsoft's cloud. The companies maintained an amicable relationship despite previous tensions over contracts and AI infrastructure.
OpenAI discovered that its AI models were unexpectedly inserting references to goblins and other creatures into their responses, a behavior that started appearing in the GPT-5.1 model, particularly when using the "Nerdy" personality option. The company traced this quirk to patterns in the training data and added instructions to prevent the models from discussing these creatures.
OpenAI is restricting access to its new cybersecurity tool called Cyber (part of GPT-5.5) to only approved users, requiring them to submit credentials and explain their intended use through an application on OpenAI's website. Cyber can perform tasks like penetration testing (simulating attacks to find security weaknesses), vulnerability identification, and malware reverse engineering (analyzing malicious code to understand how it works), but OpenAI is limiting access because the tool could be misused by attackers if widely available.
Fix: OpenAI says it's working to make Cyber more widely available by consulting with the U.S. government and identifying more users with legitimate cybersecurity credentials.
TechCrunch (Security)Anthropic has released a new AI model called Mythos that industry leaders believe could significantly disrupt cybersecurity practices and defenses. The article discusses potential threats this model poses and reports on what cybersecurity experts are saying about its implications.
Anthropic released Claude Security, an AI-powered tool designed to help security teams find and fix vulnerabilities faster by scanning code repositories, identifying security flaws, and generating targeted patches. The tool is available in public beta for Claude Enterprise customers and integrates with existing security platforms from companies like CrowdStrike and Microsoft, aiming to reduce the time from vulnerability discovery to fix from days to a single session.
Fix: Claude Security provides automated vulnerability scanning, generates confidence ratings on severity, offers reproduction instructions, and creates targeted patch instructions that can be worked through with Claude Code on the Web. Users can also schedule regular scans for ongoing coverage rather than one-off audits. The tool is available now to Claude Enterprise customers through Claude.ai/security and works with Claude Opus 4.7 without requiring API integration or custom agent setup.
SecurityWeekN/A -- The provided content is a navigation menu and feature listing from GitHub's website, not an AI/LLM security issue, vulnerability, or technical problem.
Fix: If an immediate upgrade to a patched version is not possible: 1. Avoid enabling disk retry in shared environments. 2. Configure a dedicated directory with strict ACL/ownership and least privilege (access control lists that restrict who can read or write). 3. Ensure the directory is not shared across tenants/users. 4. Monitor for unexpected `*.blob` files or abnormal retry backlog growth.
GitHub Advisory DatabaseElon Musk testified in court that his AI startup xAI used OpenAI's models to train its own AI system called Grok through model distillation (a technique where a larger AI model teaches a smaller one by transferring knowledge). Model distillation is a common practice in the AI industry, though it can be used legitimately within a single company or potentially misused by competitors trying to copy a rival's AI performance.
Fix: Upgrade to **v2.47.14 or later** (via `npx n8n-mcp@latest` for npm or `docker pull ghcr.io/czlonkowski/n8n-mcp:latest` for Docker). If immediate upgrade is not possible, the source mentions three workarounds: (1) validate URLs before passing them to the SDK by rejecting IP literal hostnames and accepting only DNS-resolvable hostnames; (2) restrict outbound network traffic from the n8n-mcp process to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), and cloud metadata endpoints; and (3) do not accept user-controlled `n8nApiUrl` values and derive the URL from internal configuration only.
GitHub Advisory DatabaseFix: OpenAI's explicitly mentioned mitigations for Advanced Account Security users include: (1) requiring two physical security keys or passkeys instead of passwords, (2) eliminating email and SMS recovery routes in favor of recovery keys, backup passkeys, or physical security keys, (3) blocking OpenAI support team access to recovery options to prevent social engineering attacks on support portals, (4) enforcing shorter sign-in windows and sessions before re-authentication is required, (5) generating login alerts that users can review in their dashboard, and (6) enabling data opt-out from model training by default. OpenAI also partnered with Yubico to offer lower-cost YubiKey bundles to these users. Members of OpenAI's Trusted Access for Cyber program must enable Advanced Account Security by June 1, 2024, or submit an alternative attestation of phishing-resistant authentication through enterprise single sign-on.
Wired (Security)Fix: Update to Jupyter Notebook 7.5.6 or JupyterLab 4.5.7, which include patches. As a temporary workaround, disable the help extension by running: `jupyter labextension disable @jupyter-notebook/help-extension` and `jupyter labextension disable @jupyterlab/help-extension`. For additional hardening, disable command linker functionality by adding this to `overrides.json`: `{"@jupyterlab/apputils-extension:sanitizer": {"allowCommandLinker": false}}`.
GitHub Advisory DatabaseWiz Red Agent is an AI security tool powered by Anthropic's Claude Opus models that automatically scans production environments (web applications and APIs) to find exploitable security vulnerabilities by reasoning like a human attacker. It analyzes over 150,000 applications weekly and has discovered thousands of previously unknown high and critical security risks across major organizations with zero false positives.
Goodfire, a startup, has created Silico, a tool that uses mechanistic interpretability (a technique for understanding how AI models work by mapping their neurons and the connections between them) to help developers debug and adjust LLM behavior. Instead of treating model development as trial-and-error, Silico lets developers zoom into a trained model, see which neurons control specific behaviors like hallucinations (false information the AI generates), and adjust those neurons to improve or suppress certain outputs.