Nine vulnerabilities including a hardcoded authentication bypass and critical MCP command injection were disclosed in PraisonAI, with scanners targeting the auth bypass endpoint less than four hours after the advisory went public.
The latest AI security developments, threats, and industry updates.
Nine vulnerabilities including a hardcoded authentication bypass and critical MCP command injection were disclosed in PraisonAI, with scanners targeting the auth bypass endpoint less than four hours after the advisory went public.
Check Point Research demonstrated that a frontier AI model independently discovered a viable ransomware attack path using Chrome's File System Access API — no native payload, no exploited vulnerability, no root access required.
Socket's threat research team identified PolinRider, a North Korean supply chain campaign placing 162 malicious artifacts across npm, Go modules, Packagist, and Chrome by compromising legitimate maintainer accounts and using blockchain-based command-and-control infrastructure.
Two critical vulnerabilities in Cursor IDE, CVE-2026-50548 and CVE-2026-50549 (collectively DuneSlide), allow prompt injection attacks to escape the editor's sandbox and execute arbitrary code at the OS level — with no user click required. All Cursor versions before 3.0 are affected. Cato Networks disclosed publicly on July 3, 2026.
OpenAI's Daybreak program and its GPT-5.5-Cyber model have found hundreds of vulnerabilities across critical open-source infrastructure in weeks, including a 23-year-old OpenBSD bug and a Firefox WebAssembly flaw that emptied Pwn2Own's Firefox bracket. The same model scores 39.5% on ExploitGym.