aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6085 items

Zero trust isn’t broken. Most companies just do it wrong.

info | news | security
Jun 16, 2026

Zero trust is a security strategy based on 'never trust, always verify' that was defined 15 years ago, but most organizations struggle to implement it correctly. Studies show that 88% of organizations face significant challenges with zero trust, and security researchers have found vulnerabilities in zero-trust network access (ZTNA, a tool that controls remote access based on verification) offerings, suggesting vendors sometimes fail to secure data properly. The main problem is confusion about what zero trust actually is: it's a mindset and strategy, not a product or specific technology, yet many vendors misleadingly market zero-trust products that only deliver a small fraction of the security controls needed.

CSO Online

Qualcomm CEO says AI agents will replace apps — as chip giant works on 40 new AI-powered devices

info | news | industry
Jun 16, 2026

Qualcomm is developing over 40 new AI-powered devices, with CEO Cristiano Amon predicting that AI agents (autonomous software programs that can perform complex tasks across apps and services) will gradually replace traditional apps and smartphones as the center of how people interact with technology. These new devices include wearables like smart glasses, earbuds with cameras, and jewelry designed to give users constant access to these agents, potentially becoming as popular as smartphones within a few years.

Inside the fight over Claude Mythos 5

info | news | policy
Jun 15, 2026

Anthropic received a US export control directive (a government order restricting what can be shared outside the country) on Friday requiring the company to suspend access to its Claude Mythos 5 and Fable 5 AI models for all foreign nationals, including its own foreign employees. To comply with the order, Anthropic had to disable the products entirely, and its leadership planned to travel to Washington to appeal the directive to President Trump.

A Hybrid Intrusion Detection Model for Cloud Security: Feature Selection, Classification, and Authentication Using TFSEA Framework

info | research | peer-reviewed | security

CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability

info | vulnerability | security
Jun 15, 2026
CVE-2026-48907 (actively exploited)

Predicting model behavior before release by simulating deployment

info | news | safety | research

DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act

info | news | safety | policy

The US government’s Anthropic models ban was never about an AI jailbreak

info | news | policy | security

CVE-2026-48124: Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute work

high | vulnerability | security
Jun 15, 2026
CVE-2026-48124

Cursor, a code editor designed for programming with AI assistance, had a security flaw in versions before 3.0.0 where it would automatically run commands from a settings file (.claude/settings.local.json) without asking the user first. An attacker could create a malicious workspace or file that executes harmful commands on the user's computer when the AI completes a task, potentially allowing them to escape security restrictions, maintain access across sessions, steal local data, or cause further damage.

GHSA-5w86-c3rq-vjj7: Netty: Unbounded pre-allocation in RedisArrayAggregator from RESP array length

high | vulnerability | security
Jun 15, 2026
CVE-2026-50011

Netty's RedisArrayAggregator has a vulnerability where it pre-allocates memory (reserves space in a data structure) based on array sizes claimed in incoming messages, without checking if those sizes are reasonable. An attacker can send a message claiming an extremely large array size, causing the system to try reserving huge amounts of memory and crash or become unresponsive, even though they don't send the actual array data.
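The advisory describes a pattern rather than a one-off bug: trusting a length prefix to size an allocation. The following Python example, added here and not taken from Netty, parses RESP array headers two ways: the unsafe approach that reserves as many slots as the peer claims before any element has arrived, and a bounded aggregator that caps the claimed count and grows storage only as elements are actually decoded. The limits and the ProtocolError type are this example's choices.

```python
"""Length-prefix handling for RESP (the Redis wire protocol) arrays.

Added example, not Netty's code. It isolates the pattern behind the advisory: a
decoder that sizes storage from the '*<count>\\r\\n' header an untrusted peer sent,
beside one that bounds the claimed count and grows storage only as elements arrive.
The limits and the ProtocolError type are this example's choices.
"""

MAX_ARRAY_ELEMENTS = 1024     # assumption: largest legitimate command array
MAX_BULK_BYTES = 512 * 1024   # assumption: cap on one bulk string


class ProtocolError(ValueError):
    """Malformed or out-of-policy RESP input."""


def _read_length(buf: bytes, marker: bytes) -> tuple[int, bytes]:
    """Parse '<marker><int>\\r\\n' and return (value, remaining bytes)."""
    if not buf.startswith(marker):
        raise ProtocolError(f"expected {marker!r}")
    end = buf.find(b"\r\n")
    if end < 0:
        raise ProtocolError("incomplete header")
    try:
        return int(buf[1:end]), buf[end + 2:]
    except ValueError as exc:
        raise ProtocolError("non-numeric length") from exc


def planned_slots_unsafe(buf: bytes) -> int:
    """The vulnerable pattern: reserve as many slots as the header claims, before any
    element is seen. Returns the reservation size rather than performing it, so a
    '*2000000000' header shows the problem without exhausting this process."""
    count, _ = _read_length(buf, b"*")
    return max(count, 0)


def parse_bulk(buf: bytes) -> tuple[bytes, bytes]:
    """Parse one bulk string '$<len>\\r\\n<payload>\\r\\n' with its length bounded."""
    length, rest = _read_length(buf, b"$")
    if length < 0 or length > MAX_BULK_BYTES:
        raise ProtocolError(f"bulk length {length} out of bounds")
    if len(rest) < length + 2 or rest[length:length + 2] != b"\r\n":
        raise ProtocolError("truncated or unterminated bulk payload")
    return rest[:length], rest[length + 2:]


def decode_array_safe(buf: bytes) -> list[bytes]:
    """Hardened aggregator: refuse absurd counts, never pre-size from the header,
    and append one decoded element at a time so memory tracks bytes received."""
    count, rest = _read_length(buf, b"*")
    if count < 0:
        return []   # RESP null array: nothing to allocate
    if count > MAX_ARRAY_ELEMENTS:
        raise ProtocolError(f"array length {count} exceeds limit {MAX_ARRAY_ELEMENTS}")
    elements: list[bytes] = []   # grows with actual elements, not with the claim
    for _ in range(count):
        element, rest = parse_bulk(rest)
        elements.append(element)
    return elements


def rejects(buf: bytes) -> bool:
    """True when the hardened decoder refuses the input as a protocol violation."""
    try:
        decode_array_safe(buf)
    except ProtocolError:
        return True
    return False


if __name__ == "__main__":
    good = b"*2\r\n$3\r\nSET\r\n$5\r\nhello\r\n"
    hostile = b"*2000000000\r\n"   # claims two billion elements, sends none
    print(decode_array_safe(good))
    print("unsafe path would reserve", planned_slots_unsafe(hostile), "slots")
    print("safe path rejects hostile header:", rejects(hostile))
```

The design point is the order of operations: validate the claimed count against a policy limit first, then let memory use follow the bytes that actually arrive. A cap alone is not enough if the code still pre-sizes to the (now bounded) claim for every connection, which is why the safe decoder appends rather than reserves.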

GHSA-8988-4f7v-96qf: OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

medium | vulnerability | security
Jun 15, 2026
CVE-2026-54285

The W3CBaggagePropagator.extract() function in OpenTelemetry Core does not limit the size of incoming baggage HTTP headers, allowing unbounded memory allocation. While Node.js's default header size limit (16,384 bytes) provides some protection, systems without this limit or using non-HTTP transports (alternative communication methods like messaging systems) are at higher risk.

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft

high | news | security
Jun 15, 2026

A critical three-stage attack called 'SearchLeak' could allow attackers to steal data from Microsoft Copilot with just one click by exploiting prompt injection (tricking an AI by hiding instructions in its input) through hidden URLs and other hidden variables. This attack is part of a larger category of security issues affecting AI systems that use similar injection techniques. The vulnerability has already been patched.

All the news about Anthropic’s new AI fight with the White House

info | news | security | policy

CVE-2026-11931 - Insecure Permissions on Authentication Token Cache File in Kiro IDE

high | vulnerability | security
Jun 15, 2026

Kiro IDE, an AI-powered development tool, had a security flaw in versions before 0.11.133 where authentication token cache files (files storing login credentials) were saved with world-readable permissions on macOS and Linux, meaning any user or process on the same computer could read them instead of just the owner.
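An added example, not Kiro's or AWS's code: a Python audit that reports whether a credential cache file is readable by group or other and tightens it to owner-only. The advisory does not give the cache file's path, so the path is a parameter, and a constructed 0o644 file stands in for the token cache in the demo.

```python
"""Audit and repair permissions on credential cache files (macOS/Linux).

Added example, not Kiro's or AWS's code. The advisory gives the file's purpose
(a token cache) and the defect (world-readable mode) but not its path, so the
path is a parameter here; point it at whatever your IDE writes.
"""
import os
import stat
import tempfile

GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO   # any permission bit for a non-owner


def is_overshared(mode: int) -> bool:
    """True if the mode grants anything to group or other (0o644 -> True, 0o600 -> False)."""
    return bool(mode & GROUP_OR_OTHER)


def audit_file(path: str) -> dict:
    """Report the current permission bits and whether other local users can reach the file."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return {"path": path, "mode": oct(mode), "overshared": is_overshared(mode)}


def harden_file(path: str) -> dict:
    """Reduce the file to owner read/write (0o600) and return the post-fix audit."""
    if os.path.islink(path):
        raise ValueError("refusing to chmod through a symlink")   # avoid following a planted link
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return audit_file(path)


def demo() -> tuple[dict, dict]:
    """Constructed scenario: a token cache written 0o644 (the advisory's defect), then fixed."""
    with tempfile.TemporaryDirectory() as tmp:
        cache = os.path.join(tmp, "token-cache.json")
        with open(cache, "w", encoding="utf-8") as handle:
            handle.write('{"access_token": "constructed-sample-value"}\n')   # constructed content
        os.chmod(cache, 0o644)
        before = audit_file(cache)
        after = harden_file(cache)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

Fixing the mode after the fact closes the window only from that point on; a token that sat world-readable on a shared host should be treated as exposed and rotated.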

Trump’s Anthropic shutdown just made the case for non-American AI

info | news | policy
Jun 15, 2026

The Trump administration ordered Anthropic to take its newest AI models offline and block access for all foreign nationals, including the company's own international employees. This incident highlights how the US government can control access to advanced AI technology, even for American companies, raising concerns about global AI development being dominated by American political decisions.

Anthropic to meet with Trump administration over Mythos dispute

info | news | policy | security

Anthropic to meet with White House over AI tool suspension

info | news | safety | policy

Big Tech’s desperate last push at AI regulation

info | news | policy
Jun 15, 2026

Tech company lobbyists in Washington have been pushing for preemption, a comprehensive federal law that would create one set of AI rules across the entire country instead of having different regulations in each state. Their efforts have faced political obstacles and public backlash, and they worry that after upcoming elections, Congress may have more Democrats who are unwilling to support their proposals.

Salesforce to buy AI customer service platform Fin for $3.6 billion to boost agentic offerings

info | news | industry
Jun 15, 2026

Salesforce is acquiring Fin (formerly Intercom), an AI customer service platform, for $3.6 billion to strengthen its agentic AI (autonomous artificial intelligence agents that can independently handle tasks) offerings. Fin's main product is an AI agent powered by a proprietary model called Apex that can resolve customer inquiries across multiple channels including chat, email, WhatsApp, and Slack. This acquisition reflects how software companies are competing to invest in more autonomous AI technologies as businesses increasingly demand agentic solutions.

GHSA-qxh6-94w6-9r5p: @angular/service-worker: Sensitive Header Leakage on Cross-Origin Redirects in Angular Service Worker

high | vulnerability | security
Jun 15, 2026
CVE-2026-54264

A vulnerability in Angular's Service Worker allows sensitive credentials (like authorization tokens or session cookies) to leak to untrusted websites when the Service Worker follows cross-origin redirects (requests sent to a different domain). The Service Worker fails to remove these sensitive headers when redirecting to another origin, exposing them to attackers.
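To make the failure concrete, the following Python model (an added example, not Angular's service-worker code) follows a redirect chain through a stubbed HTTP client and compares two policies: forwarding every header, as the vulnerable versions did, versus dropping credential-bearing headers once the redirect target's origin differs. The header list, the origin comparison and the constructed redirect table are this example's assumptions.

```python
"""Credential headers across cross-origin redirects.

Added example, not Angular's service-worker code. It models the defect in the
advisory with a stubbed HTTP client: following a redirect while forwarding every
original header, beside a policy that drops credential-bearing headers as soon as
the redirect target's origin differs. The header list, origin comparison and the
constructed redirect table are this example's assumptions.
"""
from urllib.parse import urljoin, urlsplit

# Assumption: the set of headers that carry credentials in this deployment.
SENSITIVE_HEADERS = {"authorization", "cookie", "proxy-authorization", "x-api-key"}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}
MAX_REDIRECTS = 5


def origin(url: str) -> str:
    """scheme://host:port, the tuple browsers compare for same-origin decisions."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return f"{parts.scheme}://{parts.hostname}:{port}"


def headers_for_redirect(headers: dict, from_url: str, to_url: str) -> dict:
    """Forward headers unchanged within an origin; strip credentials when the origin changes."""
    if origin(from_url) == origin(to_url):
        return dict(headers)
    return {name: value for name, value in headers.items() if name.lower() not in SENSITIVE_HEADERS}


def follow(url: str, headers: dict, fetch, strip_on_cross_origin: bool = True) -> list:
    """Follow redirects with `fetch(url, headers) -> (status, location, headers_seen_by_server)`.
    Returns the trail of (url, headers_sent) so a caller can see exactly what each host got."""
    trail = []
    for _ in range(MAX_REDIRECTS + 1):
        status, location, seen = fetch(url, headers)
        trail.append((url, dict(seen)))
        if status not in REDIRECT_STATUSES or not location:
            return trail
        next_url = urljoin(url, location)   # Location may be relative
        headers = headers_for_redirect(headers, url, next_url) if strip_on_cross_origin else dict(headers)
        url = next_url
    raise RuntimeError("too many redirects")


# Constructed redirect chain: the application's API bounces the client to a third-party host.
ROUTES = {
    "https://app.example/api/report": (302, "https://cdn.example/report.pdf"),
    "https://cdn.example/report.pdf": (200, None),
}


def fake_fetch(url: str, headers: dict):
    """Stub client: the 'seen' headers are exactly what the server at `url` would receive."""
    status, location = ROUTES[url]
    return status, location, headers


def leaked_to_cross_origin(strip: bool) -> set:
    """Names of sensitive headers that reach the final, cross-origin host under a policy."""
    request = {"Authorization": "Bearer constructed-token", "Cookie": "session=abc", "Accept": "*/*"}
    trail = follow("https://app.example/api/report", request, fake_fetch, strip_on_cross_origin=strip)
    final_url, final_headers = trail[-1]
    if origin(final_url) == origin("https://app.example/"):
        raise AssertionError("constructed chain should end on a different origin")
    return {name for name in final_headers if name.lower() in SENSITIVE_HEADERS}


if __name__ == "__main__":
    print("vulnerable policy leaks:", sorted(leaked_to_cross_origin(strip=False)))
    print("fixed policy leaks:     ", sorted(leaked_to_cross_origin(strip=True)))
```

The decision has to be made at every hop, not once per request: a same-origin redirect followed by a cross-origin one still crosses the boundary on the second hop, which is why `follow` recomputes the header set each time it moves.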

Qualcomm CEO says AI agents will replace apps — as chip giant works on 40 new AI-powered devices (continued)

CNBC Technology

Inside the fight over Claude Mythos 5 (continued)

The Verge (AI)

A Hybrid Intrusion Detection Model for Cloud Security: Feature Selection, Classification, and Authentication Using TFSEA Framework (continued)

research
Jun 15, 2026

This research paper presents a new security framework called TFSEA that combines feature selection (choosing which data points matter most), classification (sorting data into categories), and authentication (verifying user identity) to detect unauthorized access attempts in cloud computing environments. The paper proposes using this hybrid approach to improve how well systems can identify and prevent intrusions in cloud infrastructure.

Elsevier Security Journals

CVE-2026-48907: Widget Factory Joomla Content Editor Improper Access Control Vulnerability (continued)

Widget Factory Joomla Content Editor has an improper access control vulnerability (a security flaw where the software fails to properly restrict who can do what) that allows unauthenticated users (people without login credentials) to upload and execute PHP code (a server-side programming language) by creating new editor profiles. This vulnerability is currently being exploited in active attacks.

Fix: The source states to "Apply mitigations in accordance with vendor instructions" and references the Joomla Content Editor website for a security update and patch at https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites and https://www.joomlacontenteditor.net/support/changelog/editor. If mitigations are unavailable, organizations should follow CISA BOD 26-04 guidance for cloud services or discontinue use of the product. The deadline for applying these mitigations is 2026-06-19.

CISA Known Exploited Vulnerabilities
Predicting model behavior before release by simulating deployment (continued)
Jun 15, 2026

OpenAI developed Deployment Simulation, a method that tests new AI models by replaying real conversations from previous deployments to see how the new model would behave before release. This approach helps identify unexpected problems and predict how often undesired behaviors might occur in real-world use, addressing limitations of traditional evaluation methods like coverage gaps and selection bias (favoring certain test scenarios over others).

OpenAI Blog
DOJ seizes CFAKE, SOCFAKE deepfake nude sites under TAKE IT DOWN Act (continued)
Jun 15, 2026

The U.S. Department of Justice seized two websites, CFAKE.com and SOCFAKE.com, that hosted nonconsensual AI-generated nude images and videos of women, marking the first major enforcement action under the TAKE IT DOWN Act. Deepfakes (AI-generated or AI-manipulated media depicting people in ways that never occurred) of politicians, celebrities, and other public figures were shared on these sites, and the seizure resulted from a coordinated investigation involving U.S., Italian, and French authorities. The TAKE IT DOWN Act, signed into law in May 2025, makes it a federal crime to publish sexually explicit altered images without consent and requires online platforms to remove reported intimate images within 48 hours.

Fix: The TAKE IT DOWN Act (47 U.S.C. § 223) requires online platforms to remove reported intimate images and deepfakes within 48 hours of receiving a valid request from a victim. Violators are subject to fines, imprisonment, or both.

BleepingComputer
The US government’s Anthropic models ban was never about an AI jailbreak (continued)
Jun 15, 2026

The U.S. Commerce Department used an export control directive to force Anthropic to take its Fable 5 and Mythos 5 AI models offline, citing national security concerns without providing specifics. Security experts argue the action was based on a misunderstanding of a guardrail bypass (a method to get an AI to ignore its safety restrictions) that cannot be meaningfully fixed without weakening the models' security capabilities, and they contend the government's intervention appears retaliatory rather than justified by technical merit.

TechCrunch (Security)

CVE-2026-48124: Cursor (continued)

Fix: Update Cursor to version 3.0.0 or later. According to the source, 'This issue has been fixed in version 3.0.0.'

NVD/CVE Database

GHSA-5w86-c3rq-vjj7: Netty (continued)

GitHub Advisory Database

GHSA-8988-4f7v-96qf: OpenTelemetry Core (continued)

Fix: Update @opentelemetry/core to version 2.8.0 or later. The fix enforces the W3C Baggage specification limits at the propagator level: maximum total baggage size of 8,192 bytes, maximum 180 entries, and maximum per-entry size of 4,096 bytes. Headers exceeding these limits are truncated. Additionally, the source recommends configuring header size limits at the server or gateway level, and for non-HTTP transports receiving baggage from untrusted sources, validate input size before passing it to the propagator.

GitHub Advisory Database
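The vulnerability entry earlier on this page (unbounded baggage extraction in W3CBaggagePropagator.extract()) and the fix above (the W3C limits of 8,192 bytes total, 180 entries and 4,096 bytes per entry) describe the same control from two sides. The following Python function is an added example, not code from @opentelemetry/core, showing how those three limits bound the parsing of an untrusted baggage header before any entry is stored; the function and constant names, and the hostile sample inputs, are this example's own.

```python
"""Bounded extraction of a W3C Baggage header.

Added example, not code from @opentelemetry/core. It applies the three limits the
fix describes (8,192 bytes total, 180 entries, 4,096 bytes per entry) before any
entry is stored, so header size from an untrusted client cannot drive allocation.
Function and constant names are this example's own.
"""
from typing import Optional

MAX_TOTAL_BYTES = 8192    # W3C Baggage: total header size
MAX_ENTRIES = 180         # W3C Baggage: list-member count
MAX_ENTRY_BYTES = 4096    # W3C Baggage: size of one list-member


def extract_baggage(header: Optional[str]) -> dict[str, str]:
    """Parse 'k1=v1;prop,k2=v2' into {key: value}, truncating to the limits above.
    Oversized input is cut down rather than rejected, matching the behaviour the
    advisory describes for the fixed propagator."""
    if not header:
        return {}
    encoded = header.encode("utf-8")
    truncated = len(encoded) > MAX_TOTAL_BYTES
    # Limit 1: never examine more than the byte budget, whatever the transport allowed.
    pieces = encoded[:MAX_TOTAL_BYTES].decode("utf-8", errors="ignore").split(",")
    if truncated:
        pieces = pieces[:-1]   # the last piece may have been cut mid-entry; drop it
    baggage: dict[str, str] = {}
    for raw in pieces:
        if len(baggage) >= MAX_ENTRIES:   # Limit 2: entry count
            break
        entry = raw.strip()
        if not entry or len(entry.encode("utf-8")) > MAX_ENTRY_BYTES:   # Limit 3: per-entry size
            continue
        member = entry.split(";", 1)[0]   # properties after ';' are not part of the value
        if "=" not in member:
            continue
        key, value = (part.strip() for part in member.split("=", 1))
        if key:
            baggage[key] = value
    return baggage


def hostile_headers() -> dict[str, str]:
    """Constructed inputs that would drive unbounded allocation in an unlimited parser."""
    return {
        "one_huge_entry": "k=" + "A" * 100_000,
        "too_many_entries": ",".join(f"k{i}={i}" for i in range(1000)),
    }


if __name__ == "__main__":
    print(extract_baggage("userId=alice,serverNode=DF%2028;prop=1"))
    for name, header in hostile_headers().items():
        print(name, "->", len(extract_baggage(header)), "entries kept")
```

The byte budget is applied to the raw header before it is split, so the cost of a hostile header is bounded by the slice, not by its length; the entry-count and per-entry checks then bound what is retained. For a non-HTTP transport, the same function can be applied to whatever carries the baggage, which is the advisory's point about validating size before the propagator sees the value.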

Copilot 'SearchLeak' Attack Allows 1-Click Data Theft (continued)

Fix: The attack has been patched, though the source does not specify the patch version or detailed remediation steps.

Dark Reading
All the news about Anthropic’s new AI fight with the White House (continued)
Jun 15, 2026

The White House ordered Anthropic to block foreign access to its newly released AI models, Fable 5 and Mythos 5, after researchers discovered potential jailbreaks (methods to make the AI ignore its safety guidelines) that could be exploited for cyberattacks. Anthropic complied by shutting off access to both models for all users, though the company disagreed with the decision, arguing that a narrow security flaw shouldn't justify recalling models used by hundreds of millions of people.

Fix: Anthropic removed access to Fable 5 and Mythos 5 for all users in response to the government's legal directive.

The Verge (AI)

CVE-2026-11931: Kiro IDE (continued)

Fix: Update Kiro IDE to version 0.11.133 or later.

AWS Security Bulletins
Trump’s Anthropic shutdown just made the case for non-American AI (continued)

The Verge (AI)

Anthropic to meet with Trump administration over Mythos dispute (continued)
Jun 15, 2026

The U.S. government ordered AI company Anthropic to disable access to its latest AI models, Fable 5 and Mythos 5, citing national security concerns about a potential jailbreak (a method to bypass safety restrictions). Anthropic complied by shutting down access for all users, and senior staff are meeting with Trump administration officials to resolve the dispute, which follows earlier government actions restricting defense contractors from using Anthropic's technology.

CNBC Technology
Anthropic to meet with White House over AI tool suspension (continued)
Jun 15, 2026

Anthropic, an AI company, is meeting with US government officials after releasing Fable 5 and Mythos 5, new versions of its Claude Mythos AI model, which the government suspended due to national security concerns. The government discovered a potential jailbreak (a method to make an AI tool do something unintended) in the publicly available version shortly after release, and Anthropic reported receiving only verbal evidence of the vulnerability so far.

BBC Technology
Big Tech’s desperate last push at AI regulation (continued)

The Verge (AI)

Salesforce to buy AI customer service platform Fin for $3.6 billion to boost agentic offerings (continued)

CNBC Technology

GHSA-qxh6-94w6-9r5p: @angular/service-worker (continued)

Fix: Update to one of the patched versions: 22.0.1, 21.2.17, or 20.3.25.

GitHub Advisory Database