Author: user
Ravi LakshmananJanuary 21, 2026Vulnerability / Artificial Intelligence A security vulnerability has been discovered in the popular open source artificial intelligence (AI) framework Chainlit. This vulnerability could allow an attacker to steal sensitive data and potentially allow lateral movement within a susceptible organization. Zafran Security said the high-severity flaws, collectively referred to as ChainLeak, could be exploited to leak API keys in cloud environments to steal sensitive files or conduct server-side request forgery (SSRF) attacks against servers hosting AI applications. Chainlit is a framework for creating conversational chatbots. According to statistics shared by the Python Software Foundation, this package has been…
A recently discovered sophisticated Linux malware framework known as VoidLink is believed to have been developed by a single person with the assistance of artificial intelligence (AI) models. This is due to new findings from Check Point Research, which identify operational security mistakes by the malware’s creators and shed light on the origin of the malware’s development. The latest insights make VoidLink one of the first instances of advanced malware generated primarily using AI. “These materials provide clear evidence that the malware was primarily generated through AI-driven development and reached its first functional implant within a week,” the cybersecurity firm…
Europe’s digital backbone is under increasing strain as cyber-sabotage, ransomware and foreign interference become everyday realities. In response, the European Commission announced a wide-ranging review of cybersecurity law and set out a new strategy to secure technology supply chains, reduce exposure to high-risk vendors, and strengthen the EU’s collective capacity to prevent and respond to cyber crises. The proposal marks a shift from piecemeal defenses to a more coordinated security-by-design approach aimed at protecting critical services, businesses and citizens across the bloc. The proposed reforms aim to future-proof the EU’s digital ecosystem by strengthening supply chain security, simplifying business rules…
A recent study by Washington State University geophysicists provides insight into how nutrients reach the subsurface ocean of Europa, one of Jupiter’s moons and a leading candidate for extraterrestrial life in our solar system. Scientists have long wondered how life-sustaining nutrients can get from the Earth’s surface to Europe’s oceans, where microscopic life is thought to exist. Using computer modeling, the research team showed that dense, nutrient-rich ice can separate from surrounding ice and descend into the ocean, taking advantage of the geological process of crustal delamination. “This is a novel idea in planetary science, inspired by ideas that are…
Days before a scheduled trial, social media company Snap has settled a lawsuit accusing the platform of creating social media addiction, according to multiple media reports. The settlement was announced Tuesday in California Superior Court in Los Angeles County, according to the New York Times. The lawsuit against Snap was filed by a 19-year-old boy, known in court documents as KGM, who accused the social media app of designing algorithms and features that cause addiction and mental health problems. Terms of the settlement were not disclosed. The lawsuit also names other platforms, including Meta, YouTube, and TikTok. No settlements have…
Rabi LakshmananJanuary 21, 2026Email security/malware LastPass is warning users that a new phishing campaign is active that impersonates the password management service and aims to trick users into giving up their master passwords. The campaign, which began around January 19, 2026, sends phishing emails claiming upcoming maintenance and prompting you to create a local backup of your password vault within 24 hours. According to LastPass, the message has the following subject line: Update your LastPass infrastructure: Secure your Vault now Data & protection: Back up your Vault before maintenance Don’t miss: Back up your Vault before your maintenance Important: LastPass…
Ravi LakshmananJanuary 21, 2026Open source/vulnerabilities A security vulnerability has been disclosed in the popular binary parser npm library that could be successfully exploited to execute arbitrary JavaScript. This vulnerability is tracked as CVE-2026-1245 (CVSS score: N/A) and affects all versions of the module prior to version 2.3.0, which resolves the issue. A patch for this flaw was released on November 26, 2025. Binary-parser is a widely used parser builder for JavaScript that allows developers to parse binary data. Supports a wide range of common data types such as integers, floating point values, strings, and arrays. This package attracts approximately 13,000…
Industry reports and the growth of voice modeling companies in the Indian market suggest that there is a growing demand for voice AI solutions in the country. Voice is a popular medium for communication between people and businesses in India. Therefore, enterprises and startups are keen to use voice AI to increase efficiency in customer support, sales, customer acquisition, recruitment, and training. But recognizing market demand is one thing, proving that a company will pay is another. Y Combinator rejected an application from Bolna, the audio orchestration startup founded by Mitreya Wagh and Prateek Sachan, five times, skeptical that the…
Last week, the US government lifted its previous ban and formally approved the sale of Nvidia’s H200 chips, along with AMD’s chip line, to approved Chinese customers. Perhaps they aren’t the brightest, most cutting-edge chips from these chipmakers, but their exports are controversial because they are high-performance processors used for AI. And at the World Economic Forum in Davos on Tuesday, Anthropic CEO Dario Amodei blamed both the government and semiconductor companies for the decision. This criticism was particularly salient because one of those chipmakers, Nvidia, is a major partner and investor in Anthropic. “The CEOs of these companies are…
Elon Musk said over the long weekend that Tesla aims to resume work on the electric car company’s previously abandoned third-generation AI chip, Dojo3. Only this time, Dojo3 is not intended to train self-driving models on Earth. Instead, Musk said it would specialize in “space-based AI computing.” The move comes five months after Tesla effectively shut down its Dojo effort. The company has disbanded its Dojo supercomputer development team following the retirement of Dojo leader Peter Bannon. Approximately 20 Dojo employees also left and joined DensityAI. DensityAI is a new AI infrastructure startup founded by former Dojo director Ganesh Venkataramanan…