ChatGPT and Codex flaws patched Feb 2026 exposed DNS exfiltration and GitHub tokens, raising enterprise AI security risks.
Category: security
Microsoft pulls KB5079391 Windows update over install issues
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0×80073712 errors during installation.
KB5079391, the problematic optional cumulative update, started rolling out on Thursday to Windows 11 24H2 and 25H2 systems with 29 changes, including Smart App Control and Display improvements.
This preview update also improved Windows Hello Fingerprint reliability on some devices and Windows Recovery Environment (Windows RE) stability when running x64 apps on ARM64 devices.
Apple adds macOS Terminal warning to block ClickFix attacks
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks.
The new mechanism appears to be aimed primarily at blocking ClickFix attacks and has been reported by macOS users since the release candidate version of the operating system. Apple didn’t specifically mention it in macOS Tahoe 26.4 release notes.
ClickFix is a social engineering technique that tricks users into pasting malicious commands into the command line interface under the pretense of fixing a problem or a verification process.
Next-generation optical sensor can read photon spin across UV-to-infrared wavelengths
A research team led by Professor Jiwoong Yang of the Department of Energy Science and Engineering at DGIST has developed next-generation optical sensor technology capable of precisely detecting not only the intensity and wavelength of light but also its rotational direction—the spin information of photons. The team successfully implemented a quantum-dot-based optical sensor that can detect circularly polarized light (CPL) across an ultra-wide spectral range—from ultraviolet to short-wave infrared—demonstrating photodetection performance comparable to that of commercial silicon optical sensors. The paper is published in Advanced Materials.
CPL refers to light in which the electric field rotates helically as it propagates. This is directly linked to the spin information of photons—the fundamental particles of light. This polarization information serves as a crucial signal in next-generation security and communication technologies, such as quantum communication, quantum cryptography, and photonic quantum information processing, which is why related optical sensor technologies are attracting significant worldwide attention.
Conventional circularly polarized light sensors typically require the light-absorbing material itself to possess a specific helical orientation, known as a chiral structure. This approach not only limits the range of usable materials but also confines detection to narrow spectral regions, such as ultraviolet or visible light. Extending this technology into the infrared region, which is essential for quantum communication and optical sensing, has previously posed a major technical challenge.
[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks
That’s where things get shaky. A control exists, so it’s assumed to work. A detection rule is active, so it’s expected to catch something. But very few teams are consistently testing how all of this holds up when someone is actively trying to break through, step by step.
This is exactly the gap this webinar focuses on.
Exposure-Driven Resilience: Automate Testing to Validate & Improve Your Security Posture is a practical session built around one idea: stop guessing, start proving. Instead of relying on occasional testing or assumptions, it shows how to validate your security posture continuously using real attacker behavior.
Thousands of websites are accidentally broadcasting sensitive data, study finds
Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data and financial records of millions of people. In a paper published on the arXiv preprint server, Nurullah Demir of Stanford University and colleagues analyzed 10 million websites to see how often API (application programming interfaces) credentials are exposed. These are digital keys or tokens that enable different software programs to communicate and are often used to process bank payments and access cloud storage.
The team used a huge database called the HTTP Archive, which tracks how millions of real websites work. They looked at live, running versions of sites to monitor how data is processed as pages load.
By examining the websites while they were active, the researchers identified API credentials that appear only when a user visits a site. These credentials are specific strings of text that a website uses to identify itself to services like banks or cloud providers.
GitHub adds AI-powered bug detection to expand security coverage
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks.
The developer collaboration platform says that the move is meant to uncover security issues “in areas that are difficult to support with traditional static analysis alone.”
CodeQL will continue to provide deep semantic analysis for supported languages, while AI detections will provide broader coverage for Shell/Bash, Dockerfiles, Terraform, PHP, and other ecosystems.
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the ‘PolyShell’ vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores.
According to eCommerce security company Sansec, hackers started exploiting the critical PolyShell issue en masse last week, just two days after public disclosure.
“Mass exploitation of PolyShell started on March 19th, and Sansec has now found PolyShell attacks on 56.7% of all vulnerable stores,” Sansec says.