We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
While the software industry has made genuine strides over the past few decades to deliver products securely, the furious pace of AI adoption is putting that progress at risk. Businesses are moving fast to self-host LLM infrastructure, drawn by the promise of AI as a force multiplier and the...
Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
A fake Chrome browser extension called 'ChatGPT Ad Blocker' was harvesting conversations of ChatGPT users in the name of offering an ad-free experience...
CVE-2026-0598 Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could acces...
CVE-2025-36911
In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-2722
In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote proximal/adjacent information disclosure of user's conversations and location with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-21445
Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue allows any unauthenticated user to access sensitive user conversation data, transaction histories...
PT-2026-1123
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.7.0.dev45. Description: Langflow, a tool for building and deploying AI-powered agents and workflows, has several critical API endpoints missing authentication controls. This allows any unauthenticated user to access...
EUVD-2005-2956
Malware in sbrugna...
EUVD-2022-5650
Malicious code in bioql PyPI...
CVE-2020-9379
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations...
CVE-2020-9379
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations...
CVE-2020-9379
CVE-2020-9379 affects the MiContact Center Business SDK with Site Based Security versions 8.0 through 9.0.1.0 before KB496276. The description states that an authenticated user can access sensitive information, potentially exposing user conversations. The core issue appears to be access-control-r...
Apple Updates Privacy Policies After Siri Audio Recording Backlash
Apple is taking steps to improve the privacy of audio collected by its Siri voice assistant, on the heels of backlash around a program that let contractors listen into Siri conversations. On Wednesday, the phone giant apologized for violating users’ privacy through the program, which was...
Design/Logic Flaw
A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations...
Tinfoleak v2.0 - Get detailed information about a Twitter user activity
Are you interested in OSINT tools? Tinfoleak is the best OSINT tool for Twitter, and is open-source! The new version includes a lot of new and improved features: Search by coordinates; Geolocated users; Tagged users; User conversations; Identification in other social networks; More powerful and flexib...
EFF Warns Users About Privacy Issues With New AIM Chat Client
Privacy experts at the EFF are warning users not to upgrade to the new version of the venerable AOL Instant Messenger chat client because of some serious privacy concerns with the application. The main concern is that the new version of AIM automatically logs all user conversations by default, bu...