aisecwatch.com
Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.


Maintained by

Truong (Jack) Luu

Information Systems Researcher

Browse All

All tracked items across vulnerabilities, news, research, incidents, and regulatory updates.

6264 items

CVE-2024-57728: SimpleHelp Path Traversal Vulnerability
info · vulnerability · security · Apr 23, 2026
CVE-2024-57728 · Actively Exploited

SimpleHelp has a path traversal vulnerability (a flaw that lets attackers access files outside their intended directory) that allows admin users to upload malicious zip files and place arbitrary files anywhere on the server, potentially leading to arbitrary code execution (running commands the attacker chooses on the system). This vulnerability is currently being actively exploited by attackers.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier for vendor-specific guidance.

Source: CISA Known Exploited Vulnerabilities

CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability
info · vulnerability · security · Apr 23, 2026
CVE-2025-29635 · Actively Exploited

The D-Link DIR-823X router has a command injection vulnerability (CVE-2025-29635), which means an attacker with authorized access can send specially crafted requests to execute arbitrary commands on the device. This vulnerability is actively being exploited in real attacks, and the affected product may no longer receive support from the vendor.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Due date: 2026-05-08. See the D-Link support announcement at https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10469.

Source: CISA Known Exploited Vulnerabilities

CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability
info · vulnerability · security · Apr 23, 2026
CVE-2024-7399 · EPSS: 71.0% · Actively Exploited

Samsung MagicINFO 9 Server has a path traversal vulnerability (a flaw that lets attackers access files outside intended directories) that could allow an attacker to write arbitrary files with system-level permissions. This vulnerability is actively being exploited in real attacks. Organizations using this product must take action by May 8, 2026.

Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See https://security.samsungtv.com/securityUpdates for vendor guidance.

Source: CISA Known Exploited Vulnerabilities

White House memo claims mass AI theft by Chinese firms
info · news · security · policy · Apr 23, 2026

The White House warned that Chinese firms are conducting large-scale theft of American AI technology through a process called distillation (copying AI models by using thousands of fake accounts to extract information from US AI systems). The administration plans to share threat information with US AI companies, coordinate defenses, develop best practices to identify and fix these attacks, and explore ways to hold foreign actors accountable.

Fix: The White House memo outlines four planned responses: sharing more information with US AI companies about 'tactics employed and actors involved' in distillation campaigns, working to 'better coordinate' with companies to fight the attacks, developing a set of 'best practices to identify, mitigate, and remediate' distillation attempts, and exploring how the White House can hold foreign actors accountable. However, the memo did not detail any specific plans for action against foreign entities found to be undertaking distillation.

Source: BBC Technology

Bitwarden CLI password manager trojanized in supply chain attack
high · news · security · Apr 23, 2026

A malicious version of Bitwarden CLI (the terminal interface for a popular password manager) was published to npm by attackers who compromised Bitwarden's CI/CD pipeline (the system that automates building and releasing software). The fake version 2026.4.0 contained malware designed to steal developer credentials like GitHub tokens, AWS keys, and API keys from infected systems, though it was detected and removed within 1.5 hours.

Fix: Users who installed the malicious version 2026.4.0 should uninstall it, clear the npm cache, and delete bw1.js and bw_setup.js from their system. Then they should: revoke all GitHub PATs (personal access tokens, which are authentication credentials), rotate npm tokens and CI publishing tokens, rotate AWS access keys and review SSM and Secrets Manager access, review Azure Key Vault audit logs and rotate affected secrets, review GCP Secret Manager access logs and rotate affected secrets, inspect GitHub Actions workflows and repository artifacts for unauthorized activity, and review shell history and AI tooling configuration files for sensitive data leakage.

Source: CSO Online

Claude is connecting directly to your personal apps like Spotify, Uber Eats, and TurboTax
info · news · industry · Apr 23, 2026

Anthropic has expanded Claude's capabilities to connect directly to personal apps like Spotify, Uber Eats, TurboTax, and others, similar to how ChatGPT already offers these integrations. When connected, Claude can suggest and use these apps during conversations, such as recommending hikes through AllTrails.

Source: The Verge (AI)

CVE-2026-41274: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypher
critical · vulnerability · security · Apr 23, 2026
CVE-2026-41274

Flowise, a tool with a drag-and-drop interface for building customized AI workflows, has a vulnerability in versions before 3.1.0 where the GraphCypherQAChain node fails to properly clean user input before sending it to a Neo4j database (a graph database that stores connected data). An attacker could inject malicious Cypher commands (the query language for Neo4j) to steal, change, or delete data from the database.

Fix: This vulnerability is fixed in version 3.1.0. Users should update Flowise to version 3.1.0 or later.

Source: NVD/CVE Database

CVE-2026-33102: Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privilege
critical · vulnerability · security · Apr 23, 2026
CVE-2026-33102

CVE-2026-33102 is an open redirect vulnerability (a flaw where a website redirects users to an untrusted site) in Microsoft 365 Copilot that allows an attacker to elevate their privileges over a network without authorization. The vulnerability has a CVSS severity rating of 4.0 (a moderate severity score on a 0-10 scale).

Source: NVD/CVE Database

GHSA-28xm-prxc-5866: OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads
medium · vulnerability · security · Apr 23, 2026
CVE-2026-41173

Two OpenTelemetry libraries have a vulnerability where they read entire HTTP response bodies into memory without any size limit. An attacker controlling a remote endpoint or intercepting traffic (MitM, or man-in-the-middle attack, where someone secretly relays communications between two parties) could send a huge response to exhaust the application's memory and cause it to crash through an Out of Memory error.

Fix: Fixed in OpenTelemetry.Sampler.AWS version 0.1.0-alpha.8 and OpenTelemetry.Resources.AWS version 1.15.1. The fixes introduce limits to HttpClient requests so that the response body is streamed rather than buffered entirely in memory. Additionally, workarounds include: ensuring the X-Ray sampling endpoint is not accessible to untrusted parties, using network-level controls (firewall rules, mTLS, service mesh) to prevent man-in-the-middle attacks, and, if using a remote endpoint, placing it behind a reverse proxy that enforces a response body size limit.

Source: GitHub Advisory Database

GHSA-g94r-2vxg-569j: OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers
medium · vulnerability · security · Apr 23, 2026
CVE-2026-40894

OpenTelemetry .NET packages have a vulnerability where parsing propagation headers (headers that track request flow across services) can allocate excessive memory, potentially causing a denial of service (DoS, where a system becomes unavailable due to resource exhaustion). The issue occurs in baggage, B3, and Jaeger processing code that allocates temporary storage before checking size limits.

Fix: Pull request #7061 refactors the handling of baggage, B3 and Jaeger propagation headers to stop parsing eagerly when limits are exceeded and avoid allocating intermediate arrays. Additionally, the source mentions workarounds: configure appropriate HTTP request header limits in your web server, or disable baggage and/or trace propagation if not needed.

Source: GitHub Advisory Database

GHSA-mr8r-92fq-pj8p: OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling
medium · vulnerability · security · Apr 23, 2026
CVE-2026-40891

OpenTelemetry's dotnet implementation has a vulnerability in how it handles gRPC responses during retries. When the server sends a `grpc-status-details-bin` trailer (extra data sent with a response), the code reads a length value from it without checking whether that length is reasonable, potentially allowing an attacker to force the application to allocate massive amounts of memory and crash it (a denial of service attack, or DoS). A malicious collector or someone intercepting network traffic could exploit this.

Fix: Pull request #7064 updates `GrpcStatusDeserializer` to validate decoded length-delimited field sizes before allocation by ensuring the requested length is sane and does not exceed the remaining payload. This causes malformed or truncated `grpc-status-details-bin` payloads to fail safely instead of attempting unbounded allocation.

Source: GitHub Advisory Database

AI threats in the wild: The current state of prompt injections on the web
info · news · security · research · Apr 23, 2026

Google's Threat Intelligence teams conducted a broad scan of the public web to find real-world examples of indirect prompt injection (IPI, where an AI system reads malicious instructions hidden in websites or documents instead of following a user's original request). The study found that most prompt injection detections on the web were actually false positives (harmless content like educational articles discussing the topic rather than actual attacks), making it difficult to identify genuine threats.

Source: Google Online Security Blog

GHSA-q834-8qmm-v933: OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies
medium · vulnerability · security · Apr 23, 2026
CVE-2026-40182

OpenTelemetry's OTLP exporter (a tool for sending telemetry data, which is information about how software is performing) reads error response bodies from servers with no limit on size, potentially causing memory exhaustion if an attacker controls the server or intercepts the connection. This could crash applications by filling up their available memory.

Fix: PR #7017 updates the OTLP exporter to limit response body reads to 4 MiB in error conditions and to attempt reading the response body only when OpenTelemetry error logging is enabled.

Source: GitHub Advisory Database

GHSA-c2jg-5cp7-6wc7: Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer
critical · vulnerability · security · Apr 23, 2026
CVE-2025-62373

Pipecat's LivekitFrameSerializer contains a critical vulnerability where its deserialize() method uses pickle.loads() (a Python function that reconstructs objects from binary data) on untrusted WebSocket client data without validation. An attacker can send a malicious pickle payload to execute arbitrary code on the server, potentially compromising the entire system. This affects servers using the now-deprecated LivekitFrameSerializer, especially if exposed to external networks.

Fix: In Pipecat version 0.0.90, the vulnerable LivekitFrameSerializer class was officially deprecated in favor of a safer LiveKitTransport method.

Source: GitHub Advisory Database

3 practical ways AI threat detection improves enterprise cyber resilience
info · news · security · Apr 23, 2026

AI-driven threat detection improves enterprise security by reducing alert noise through behavioral analysis (flagging unusual deviations from normal user and system activity patterns) rather than just matching known attack signatures. The approach enables faster threat detection and containment by correlating signals from multiple systems and automating alert prioritization, which limits how far attackers can move within a network. A complete cyber resilience strategy requires AI detection integrated into a three-phase approach: preventing attacks before they happen through patching and hardening, detecting and containing threats during an attack, and recovering quickly afterward.

Fix: The source mentions three explicit mitigation strategies as part of a complete resilience framework: (1) before an attack, reduce exposure through patching, vulnerability management, endpoint hardening, and DNS filtering using tools like N-central UEM; (2) during an attack, deploy AI-driven MDR (managed detection and response) with behavioral detection, correlation, and automated response to limit blast radius; (3) after an attack, use isolated cloud backups and flexible recovery options (such as ransomware rollback supported by Cove Data Protection) to recover quickly. The source does not provide a specific patch version or single fix, but rather describes this three-phase prevention-detection-recovery model as the mitigation approach.

Source: CSO Online

The curious case of Sean Plankey's derailed CISA nomination
info · news · policy · Apr 23, 2026

Sean Plankey, a cybersecurity expert nominated to lead CISA (the Cybersecurity and Infrastructure Security Agency, a government organization responsible for protecting US digital infrastructure), withdrew his nomination after 13 months of Senate delays and resistance. His withdrawal comes during a period of significant turmoil at CISA, including staff reductions, budget cuts, and the sudden departure of the acting director, which experts warn weakens US cybersecurity defenses at a critical time.

Source: CSO Online

CVE-2026-41279: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-spe
high · vulnerability · security · Apr 23, 2026
CVE-2026-41279

Flowise, a tool for building customized AI workflows with a drag-and-drop interface, had a security flaw in versions before 3.1.0 where a speech-generation endpoint didn't require authentication (an authorization bypass) and could decrypt stored API keys when given a credential ID. This allowed attackers to retrieve sensitive credentials like OpenAI API keys without proper permission checks.

Fix: This vulnerability is fixed in version 3.1.0.

Source: NVD/CVE Database

CVE-2026-41278: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1
critical · vulnerability · security · Apr 23, 2026
CVE-2026-41278

Flowise, a tool that lets users build custom AI workflows through a drag-and-drop interface, had a security flaw in versions before 3.1.0 where the public API endpoint (GET /api/v1/public-chatflows/:id) exposed sensitive data without filtering. The flaw revealed credential IDs, plaintext API keys (secret codes used to access other services), and password fields in the raw workflow data, making it possible for unauthorized people to see this sensitive information.

Fix: Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.

Source: NVD/CVE Database

CVE-2026-41277: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignme
high · vulnerability · security · Apr 23, 2026
CVE-2026-41277

Flowise, a tool that lets users build custom AI flows through a visual interface, had a mass assignment vulnerability (a bug where user input can change database fields that shouldn't be user-controllable) in versions before 3.1.0 that allowed authenticated users to overwrite existing document storage objects and access objects from other workspaces, potentially breaking access controls (IDOR, or insecure direct object references, where an attacker can access resources by guessing their IDs).

Fix: Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.

Source: NVD/CVE Database

CVE-2026-41276: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerabil
critical · vulnerability · security · Apr 23, 2026
CVE-2026-41276

Flowise, a tool for building customized AI language model workflows through a visual interface, had a security flaw in versions before 3.1.0 that let attackers reset any user's password without authorization. The vulnerability existed because the password reset function didn't verify that a valid reset token had been created, so attackers could submit a request with an empty or null token value (which is the default) to change a user's password if they knew the victim's email address.

Fix: This vulnerability is fixed in version 3.1.0. Update Flowise to version 3.1.0 or later.

Source: NVD/CVE Database

Page 99 of 314