Zoom patched a critical CVE-2026–22844 RCE flaw in Node MMRs, while GitLab fixed DoS and 2FA bypass vulnerabilities affecting CE and EE versions.
Get the latest international news and world events from around the world.
Chainlit AI Framework Flaws Enable Data Theft via File Read and SSRF Bugs
Security vulnerabilities were uncovered in the popular open-source artificial intelligence (AI) framework Chainlit that could allow attackers to steal sensitive data, which may allow for lateral movement within a susceptible organization.
Zafran Security said the high-severity flaws, collectively dubbed ChainLeak, could be abused to leak cloud environment API keys and steal sensitive files, or perform server-side request forgery (SSRF) attacks against servers hosting AI applications.
Chainlit is a framework for creating conversational chatbots. According to statistics shared by the Python Software Foundation, the package has been downloaded over 220,000 times over the past week. It has attracted a total of 7.3 million downloads to date.
Microsoft shares workaround for Outlook freezes after Windows update
Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month’s Windows security updates.
As explained one week ago, when Microsoft acknowledged the issue, the bug causes the classic Outlook desktop client to hang for users with POP email accounts who have deployed the KB5074109 security update on Windows 11 25H2 and 24H2 systems.
Other symptoms include the inability to reopen Outlook without ending the process via Task Manager or restarting the device, Outlook redownloading emails, and emails not appearing in the Sent Items folder even though they were sent.
Zendesk ticket systems hijacked in massive global spam wave
People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines.
The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails.
While the messages do not appear to contain malicious links or obvious phishing attempts, the sheer volume and chaotic nature of the emails have made them highly confusing and potentially alarming for recipients.
New Android malware uses AI to click on hidden browser ads
A new family of Android click-fraud trojans leverages TensorFlow machine learning models to automatically detect and interact with specific advertisement elements.
The mechanism relies on visual analysis based on machine learning instead of predefined JavaScript click routines, and does not involve script-based DOM-level interaction like classic click-fraud trojans.
The threat actor is using TensorFlow.js, an open-source library developed by Google for training and deploying machine learning models in JavaScript. It permits running AI models in browsers or on servers using Node.js.
Chinese military says it is developing over 10 quantum warfare weapons
China’s military says it is using quantum technology to gather high-value military intelligence from public cyberspace.
The People’s Liberation Army said more than 10 experimental quantum cyber warfare tools were “under development”, many of which were being “tested in front-line missions”, according to the official newspaper Science and Technology Daily.
The project is being led by a supercomputing laboratory at the National University of Defence Technology, according to the report, with a focus on cloud computing, artificial intelligence and quantum technology.
‘Largest Infrastructure Buildout in Human History’: Jensen Huang on AI’s ‘Five-Layer Cake’ at Davos
From skilled trades to startups, AI’s rapid expansion is the beginning of the next massive computing platform shift, and for the world’s workforce, a move from tasks to purpose.
At a packed mainstage session at the annual meeting of the World Economic Forum in Davos, Switzerland, NVIDIA founder and CEO Jensen Huang described artificial intelligence as the foundation of what he called “the largest infrastructure buildout in human history,” driving job creation across the global economy.
Speaking with BlackRock CEO Larry Fink, Huang framed AI not as a single technology but as a “a five-layer cake,” spanning energy, chips and computing infrastructure, cloud data centers, AI models and, ultimately, the application layer.
APOE4 to APOE2 allelic switching in mice improves Alzheimer’s disease-related metabolic signatures, neuropathology and cognition
APOE allele switching improves Alzheimer’s in mice.
Type of apolipoprotein E (APOE) allele carried by individuals is a major risk factor in Alzheimer’s disease (AD). For example, compared to individuals carrying two copies of the APOE ε4 allele, ε2 homozygotes have an approximate 99% reduction in late-onset Alzheimer’s disease (AD) risk.
The authors in this study developed a knock-in mouse model that allows for an inducible ‘switch’ between risk and protective alleles (APOE4s2). These mice synthesize E4 at baseline and E2 after tamoxifen administration.
A whole-body allelic switch resulted in a metabolic profile resembling E2/E2 humans and drives AD-relevant alterations in the lipidome and single-cell transcriptome, particularly in astrocytes.
E4 to E2 switching improved cognition, decreased amyloid pathology, lowered gliosis and reduced plaque-associated apolipoprotein E.
Thus, APOE replacement may be a viable strategy for future gene editing approaches to simultaneously reduce multiple AD-associated pathologies. sciencenewshighlights ScienceMission https://sciencemission.com/APOE4-to-APOE2-allelic-switching