Musk promises purge after Grok Build caught sending entire repos to the cloud
Researcher confirms the uploads have stopped, but says xAI's privacy command was not what fixed them
Stay informed on infosec trends, threats, and strategies with the latest updates and expert insights in Information Security.
Search across headline titles and summaries.
Background for this topic.
Fixed is a status indicating that a security issue has been addressed through a corrective change, such as a software patch, code change, configuration update, or removal of an affected component. In vulnerability tracking, it usually describes the issue under specified conditions and versions; it does not automatically prove that every affected asset has been updated or that exploitation is impossible.
For vulnerability management, practitioners should verify the fix’s scope, deployment, and effectiveness through testing, rescanning, or other evidence. Incomplete rollout, an overlooked instance, a dependent vulnerable component, or a regression can leave exposure despite a “Fixed” label. Records should distinguish fixed from mitigated or accepted, identify affected assets and versions, and retain validation dates. If the issue was exploited before remediation, fixing it does not establish that an attacker’s access or changes have been removed; that requires separate investigation.
Weekly headline count for the current query.
Researcher confirms the uploads have stopped, but says xAI's privacy command was not what fixed them
EXCLUSIVE 'Working as intended' for the win … again
All have patches, so make sure you upgrade to a fixed version
Another day, another AI bug silently fixed with no CVE and no public disclosure
Palo Alto Networks found and fixed 75 flaws this month, up from its usual five
Check Point says outbound controls blocked web traffic but overlooked DNS OpenAI talks up data security for its AI services, yet Check Point says that ChatGPT allowed data to leak through a DNS side channel before the flaw was fixed.…
Released from the curse of the update bork fairy Microsoft has finally fixed a Windows Recovery Environment (WinRE) bug it introduced in Windows 10's final update.…
Report claims more vulnerabilities created than fixed as remediation gap widens Veracode has posted its annual State of Software Security report, based on data from 1.6 million applications tested on its cloud platform, finding that more vulnerabilities are being created than are being fixed, and that high-velocity development with AI is making comprehensive security unattainable.…
Anthropic fixed the flaws - but the AI-enabled attack surfaces remain Security vulnerabilities in Claude Code could have allowed attackers to remotely execute code on users' machines and steal API keys by injecting malicious configurations into repositories, and then waiting for a developer to clone and open an untrustworthy project.…
US agencies told to patch by Friday Attackers are exploiting a critical SolarWinds Web Help Desk bug - less than a week after the vendor disclosed and fixed the 9.8-rated flaw. That's according to America's lead cyber-defense agency, which set a Friday deadline for federal agencies to patch the security flaw.…
If you skipped it back then, now’s a very good time You've got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw.…
ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…
Prompt injection for the win Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection.…
Office workers without AI experience warned to watch for prompt injection attacks - good luck with that Anthropic's tendency to wave off prompt-injection risks is rearing its head in the company's new Cowork productivity AI, which suffers from a Files API exfiltration attack chain first disclosed last October and acknowledged but not fixed by Anthropic.…
PLUS: Veeam patches critical vuln; Crims bribing dark web insiders; UK school takedown; And more infosec in brief Meta has fixed a flaw in its Instagram service that allowed third parties to generate password reset emails, but denied the problem led to theft of users’ personal information.…
As you should, when being told the only remedy is deleting everything and starting again On Call 2025 has ended and a new year is upon us, but The Register will continue opening Friday mornings with a fresh installment of On Call – the reader-contributed column that tells your tales of tech support.…
Long after CVEs issued and open source flaws fixed Last fall, Jakub Ciolek reported two denial-of-service bugs in Argo CD, a popular Kubernetes controller, via HackerOne's Internet Bug Bounty (IBB) program. Both were assigned CVEs and have since been fixed. But instead of receiving an $8,500 reward for the two flaws, Ciolek says, HackerOne ghosted him for months.…
Christmas comes early for attackers this year Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin. …
The goal of 'oxidizing' the Linux distro hits another bump Two vulnerabilities in Ubuntu 25.10's new "sudo-rs" command have been found, disclosed, and fixed in short order.…
Encryption protects content, not context Mischief-makers can guess the subjects being discussed with LLMs using a side-channel attack, according to Microsoft researchers. They told The Register that models from some providers, including Anthropic, AWS, DeepSeek, and Google, haven't been fixed, putting both personal users and enterprise communications at risk.…