Google Chrome’s silent 4GB AI download problem [updated]

Google Chrome has been quietly downloading a 4GB AI model onto users' devices without asking first. Security researcher Alexander Hanff, aka ThatPrivacyGuy, reports that Chrome has been silently installing Gemini Nano, Google's on-device AI model, as a file called weights.bin stored in the...

CVE-2026-43259 phy: fsl-imx8mq-usb: set platform driver data

In the Linux kernel, the following vulnerability has been resolved: phy: fsl-imx8mq-usb: set platform driver data Add missing platformsetdrvdata as the data will be used in remove...

Combating Data Laundering in LLM Training

Data rights owners can detect unauthorized data use in large language model LLM training by querying with proprietary samples. Often, superior performance e.g., higher confidence or lower loss on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...

90% of people don’t trust AI with their data

AI didn’t sneak into our lives. It burst through the door, took a seat at the table, and started finishing our sentences. Instead of a helpful list of links, Google now tries to answer your question. Microsoft’s Copilot drafts replies to your boss before you’ve had coffee. Your phone summarizes...

EUVD-2026-12301

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...

CVE-2026-20992

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...

CVE-2026-20992

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...

CVE-2026-20992

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...

CVE-2026-20992

Summary of disclosed details: The connected advisories indicate an improper authorization in Settings prior to SMR Mar-2026 Release 1, enabling a local attacker to disable the configuration of background data usage. The NCSC advisory confirms this family of fixes for Google Android and Samsung Mo...

CVE-2026-20992

Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application...

SAMSUNG Settings 安全漏洞

SAMSUNG Settings is a setting service provided by South Korea’s Samsung Corporation. Versions of SAMSUNG Settings prior to SMR Mar-2026 Release 1 contained security vulnerabilities. These vulnerabilities were due to improper authorization, and they could potentially allow local attackers to disab...

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

CVE-2025-68328 firmware: stratix10-svc: fix bug in saving controller data

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platformsetdrvdata and devsetdrvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

Prevalence of Security and Privacy Risk-Inducing Usage of AI-Based Conversational Agents

Recent improvement gains in large language models LLMs have lead to everyday usage of AI-based Conversational Agents CAs. At the same time, LLMs are vulnerable to an array of threats, including jailbreaks and, for example, causing remote code execution when fed specific inputs. As a result, users...

EUVD-2020-1730

Malware in sbrugna...

EUVD-2021-13120

Malware in sbrugna...

EUVD-2023-25341

Malicious code in bioql PyPI...

security-analytics

This repository is a community-driven set of security analytics for auditing cloud usage and detecting threats to data & workloads in Google Cloud. It provides a list of sample security analytics for auditing cloud usage and detecting threats, which may assist detection engineers, threat hunters,...

The 5 Golden Rules of Safe AI Adoption

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don't wa...

Linux Distros Unpatched Vulnerability : CVE-2022-22748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This...