An incident and vulnerability tracker for AI/ML systems. Model leaks, training-data exposures, jailbreak disclosures, ML library CVEs, vendor breaches, and confirmed prompt-injection-in-the-wild — each entry linked to a primary source, dated, and tagged for filtering.
A weak-hash flaw in Langchain-Chatchat up to 0.3.1.3 lets an adjacent attacker overwrite pasted images by colliding MD5 hashes computed from PIL.Image.tobytes. No vendor patch has shipped.
Germany's BKA has put a name and a face to UNKN, the operator behind GandCrab and REvil. Russia will not extradite, but the wanted notice is doing other work — and there is a lesson for everyone running a ransomware-readiness program.
A critical unauthenticated PHP code injection flaw in MetInfo CMS 7.9–8.1 (CVSS 9.8) is under active exploitation. Patch to the April 7 release immediately.
A medium-severity deserialization bug in SGLang's get_tokenizer routine affects all releases up to 0.5.9. The vendor has not responded to the disclosure, and no fixed version is listed.