Posts

High-signal AI/security/automation notes.

2026-05-16 AI Stack CVEs

Google GTIG — PROMPTSPY Autonomous AI Malware Interprets Systems and Generates Commands

HackerOne — Prompt Injection Reports Surge 540% Year-over-Year

mlflow — CVE-2026-2652 Authentication Bypass Exposes ML Experiment Jobs

2026-05-16 AI Stack CVEs

Next.js CVE-2026-44578 — WebSocket SSRF Threatens AI-Generated Web Apps

NVIDIA Red Team — Indirect AGENTS.md Injection via Malicious Dependencies

TeamPCP — Hackers Offer Stolen Mistral AI Source Code for $25K on BreachForums

TeamPCP — Shai-Hulud Worm Source Code Open-Sourced, BreachForums Contest Launched

UK AISI — New Mythos Checkpoint Completes Previously Unsolved Cyber Ranges

Anthropic — Glasswing Red Team Blog Discloses Thousands of AI-Found Zero-Days Across Major OS and Browsers

Azure AI Foundry CVE-2026-35435 — Privilege Escalation in M365 Published Agents

Calif — Researchers Bypass macOS Memory Integrity Enforcement Using Mythos AI

Google TIG — First Confirmed AI-Developed Zero-Day

Langflow CVE-2026-33017 Exploited in the Wild — Attackers Steal AWS Keys, Deploy NATS Botnet

Microsoft — Exploitable Misconfigurations in AI Apps, MCP Servers & Mage AI

NGINX Rift — LLM-Powered Researcher Finds 18-Year-Old RCE (CVSS 9.2) in 1/3 of All Websites

Socket & StepSecurity — Malicious node-ipc npm Packages Steal Claude AI, Kiro IDE Credentials

Posts

Hunt.io — TeamPCP FIRESCALE Malware Uses GitHub Dead-Drop for C2 Resilience

VectorSmuggle — Steganographic Data Exfiltration Through AI Embeddings

arXiv — Re-Triggering Safeguards: Embedding Disruption for Jailbreak Detection

Cyera — Four Chainable OpenClaw CVEs Expose 180K+ AI Agent Servers

Google GTIG — PROMPTSPY Autonomous AI Malware Interprets Systems and Generates Commands

HackerOne — Prompt Injection Reports Surge 540% Year-over-Year

mlflow — CVE-2026-2652 Authentication Bypass Exposes ML Experiment Jobs

Next.js CVE-2026-44578 — WebSocket SSRF Threatens AI-Generated Web Apps

NVIDIA Red Team — Indirect AGENTS.md Injection via Malicious Dependencies

TeamPCP — Hackers Offer Stolen Mistral AI Source Code for $25K on BreachForums

TeamPCP — Shai-Hulud Worm Source Code Open-Sourced, BreachForums Contest Launched

UK AISI — New Mythos Checkpoint Completes Previously Unsolved Cyber Ranges

Anthropic — Glasswing Red Team Blog Discloses Thousands of AI-Found Zero-Days Across Major OS and Browsers

Azure AI Foundry CVE-2026-35435 — Privilege Escalation in M365 Published Agents

Calif — Researchers Bypass macOS Memory Integrity Enforcement Using Mythos AI

Google TIG — First Confirmed AI-Developed Zero-Day

Langflow CVE-2026-33017 Exploited in the Wild — Attackers Steal AWS Keys, Deploy NATS Botnet

Microsoft — Exploitable Misconfigurations in AI Apps, MCP Servers & Mage AI

NGINX Rift — LLM-Powered Researcher Finds 18-Year-Old RCE (CVSS 9.2) in 1/3 of All Websites

Socket & StepSecurity — Malicious node-ipc npm Packages Steal Claude AI, Kiro IDE Credentials