Hi, I'm Vivian, a cybersecurity and AI Product Manager trying to keep up with an industry that moves faster than I can whisk up my morning matcha. Every week brings a new wave of vulnerabilities, AI security mishaps, and breaches that keep us on our toes, so I take some time to share the most interesting news instead of letting it all blur together. Let's dive into what's been keeping us up at night recently in cybersecurity and AI security.
AI Research & Vulnerabilities:
Malicious VS Code Extensions Caught Harvesting Developer Data
Two popular VS Code extensions with over 1.5 million combined installs were discovered running hidden spyware operations. ChatGPT - 中文版 and ChatMoss functioned as legitimate AI coding assistants while secretly monitoring every file opened and keystroke made, sending data to servers in China. The campaign, called MaliciousCorgi, used real-time monitoring, server-controlled backdoors for mass file exfiltration, and analytics tracking to profile developer identities and behavior. Worth checking your installed extensions if you use VS Code.
Critical Vulnerabilities Found in Chainlit AI Framework
Researchers disclosed ChainLeak, two critical vulnerabilities in the open-source AI framework Chainlit that could lead to full system compromise. The first flaw allows authenticated attackers to read arbitrary files by manipulating custom element properties. The second enables server-side request forgery, letting attackers control element URLs to access internal resources. These vulnerabilities can be chained together to move laterally into broader cloud infrastructure. Chainlit version 2.9.4 addresses both issues.
SSRF Vulnerability in Microsoft's MarkItDown MCP Server
A server-side request forgery vulnerability dubbed MCP fURI was found in Microsoft's official MarkItDown Model Context Protocol server. The flaw stems from insufficient URI validation, allowing attackers or compromised agents to force the server to fetch content from any internal or external resource. On AWS EC2 instances using IMDSv1, this can be exploited to query the metadata service and exfiltrate cloud credentials. Another reminder to validate all user input and consider upgrading to IMDSv2.
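The item ends on the mitigation: validate what the server is asked to fetch. As an added illustration written for this post (example code, not MarkItDown's or Microsoft's), here is the kind of outbound-URL guard a fetch-capable tool should apply to a caller-supplied URI: restrict the scheme, resolve the hostname first, and refuse any destination whose addresses are not public. The hostnames in the stub resolver are constructed for the demo and are not real hosts.

```python
"""Outbound URL guard for an SSRF-prone fetcher (added example, not MarkItDown's code).

A service that fetches caller-supplied URIs should decide *after* name
resolution whether the destination may be reached on the caller's behalf.
Matching on hostname strings alone misses names that resolve to internal
addresses and IP literals written in unusual forms.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# The cloud instance metadata endpoint lives in the IPv4 link-local range.
# is_global already excludes it; the explicit network keeps the reason legible.
METADATA_NETWORK = ipaddress.ip_network("169.254.0.0/16")


def system_resolver(host):
    """Resolve host to every address it maps to, IPv4 and IPv6 (real DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_outbound_url(url, resolver=system_resolver):
    """Return (ok, reason). ok is True only when every resolved address is public."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        addrs = resolver(host)
    except OSError as exc:
        return False, f"could not resolve {host!r}: {exc}"
    if not addrs:
        return False, f"{host!r} resolved to no addresses"
    # Every address must pass: a DNS answer that mixes a public and a private
    # address would otherwise let the HTTP client pick the private one.
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False, f"unparseable address {addr!r} for {host!r}"
        if ip.version == 4 and ip in METADATA_NETWORK:
            return False, f"{host!r} resolves to metadata/link-local address {ip}"
        if not ip.is_global:
            return False, f"{host!r} resolves to non-public address {ip}"
    return True, "ok"


# Constructed resolver table for offline demonstration; none of these names
# are real hosts.
FAKE_DNS = {
    "docs.example": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "169.254.169.254": ["169.254.169.254"],
    "mixed.example": ["93.184.216.34", "10.0.0.5"],
    "::1": ["::1"],
}


def fake_resolver(host):
    """Stand-in for DNS so the demo runs without network access."""
    if host not in FAKE_DNS:
        raise OSError("name not found")
    return FAKE_DNS[host]


def demo():
    """Run the guard over a few constructed URLs and return {url: allowed}."""
    urls = [
        "https://docs.example/report.pdf",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.internal/",
        "http://mixed.example/",
        "http://[::1]:8080/admin",
        "file:///etc/passwd",
        "http://user:secret@docs.example/",
    ]
    return {u: check_outbound_url(u, fake_resolver)[0] for u in urls}


if __name__ == "__main__":
    for url, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY':5} {url}")
```

Two practical notes on using a guard like this: it has to run again on every redirect hop (disable automatic redirects in the HTTP client and re-check each Location), and it complements rather than replaces IMDSv2, which requires a session token obtained with a PUT request before metadata can be read, so a GET-only SSRF cannot collect credentials even if the guard is bypassed.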
Claude AI Denial of Service via Magic String
Researchers identified an integration risk in Anthropic's Claude models where a specific string forces the model to abort generation with a refusal signal. When injected into shared contexts like databases or multi-user chats, this creates a denial of service that persists until the text is manually removed from conversation history. Since many applications reset or halt upon refusal signals, a single malicious entry can effectively disable automated workflows. An interesting edge case to consider for AI integrations.
AI News:
OpenAI Plans Revenue Diversification Beyond Subscriptions
OpenAI's CFO outlined the company's strategy for expanding revenue streams beyond consumer and enterprise subscriptions. The roadmap includes high-margin agentic services where OpenAI would take a percentage of transactions facilitated by autonomous AI agents, such as travel bookings or specialized professional services. The company is also pursuing B2B integrations and custom silicon partnerships to offset the costs of training next-generation models. The goal is to transform ChatGPT from a conversational tool into a broader economic platform.
Apple Developing Screenless AI Wearable for 2027
Apple is reportedly working on a screenless, AI-powered wearable device designed to be pinned to clothing, with a target launch in 2027. The device aims to reduce smartphone dependency by using Apple Intelligence to handle messaging, scheduling, and environmental awareness through a built-in camera and microphones. Unlike previous market entries that struggled with battery and thermal issues, Apple's version is expected to integrate with the iOS ecosystem and use proprietary silicon optimized for low-power AI processing. This represents a potential shift toward post-smartphone interfaces.
Google Launches Free SAT Practice Tests in Gemini
Google introduced full-length practice SAT exams in Gemini, developed in partnership with education providers like The Princeton Review. The feature provides instant feedback, identifies knowledge gaps, and offers detailed explanations for incorrect answers. Students can also generate personalized study plans based on their test results. The move positions Google more directly in the college preparatory market with a no-cost alternative to traditional test prep services.
Cybersecurity News:
GitLab Patches 2FA Bypass and DoS Vulnerabilities
GitLab released security updates addressing several high-severity vulnerabilities, including a two-factor authentication bypass that allows attackers with knowledge of a credential ID to circumvent 2FA by submitting forged device responses. The patches also fix two denial-of-service vulnerabilities that could let unauthenticated attackers crash instances through malformed Wiki documents or SSH authentication requests. Administrators should upgrade to versions 18.8.2, 18.7.2, or 18.6.4.
Security Training Apps Exposed on Public Internet
Researchers found that organizations, including major security vendors like Palo Alto Networks, Cloudflare, and F5, inadvertently exposed vulnerable training applications to the public internet. These intentionally vulnerable apps, such as OWASP Juice Shop and DVWA, were discovered running with default credentials and overly permissive IAM roles. Over 1,600 exposed servers were identified, with many already exploited by threat actors to deploy crypto-miners and establish persistence via known vulnerabilities. This highlights the importance of properly isolating test and training environments.
Active Phishing Campaign Targets LastPass Users
LastPass warned of an ongoing phishing campaign that started around January 19, 2026. Malicious emails claim the service is undergoing maintenance and urge users to back up their vaults within 24 hours. The emails contain links to credential-harvesting sites. LastPass confirmed it does not request vault backups and reminded users never to share master passwords. The company is working to take down the malicious domains.
That's all for now… Stay informed and protected.