AI security risks are shifting from models to workflows after malicious extensions stole chat data from 900,000 users & prompt injections abused AI to
Node.js has released updates to fix what it described as a critical security issue impacting “virtually every production Node.js app” that, if successfully exploited, could trigger a denial-of-service (DoS) condition.
“Node.js/V8 makes a best-effort attempt to recover from stack space exhaustion with a catchable error, which frameworks have come to rely on for service availability,” Node.js’s Matteo Collina and Joyee Cheung said in a Tuesday bulletin.
“A bug that only reproduces when async_hooks are used would break this attempt, causing Node.js to exit with 7 directly without throwing a catchable error when recursions in user code exhaust the stack space. This makes applications whose recursion depth is controlled by unsanitized input vulnerable to denial-of-service attacks.”
Microsoft has resolved a known issue that was causing security applications to incorrectly flag a core Windows component, the company said in a service alert posted this week.
The list of affected systems is quite extensive and includes both client (Windows 10 and Windows 11) and server (Windows Server 2012 through Windows Server 2025) platforms.
According to widespread user reports over the past several months, third-party security software flagged Windows assets, including WinSqlite3.dll, a dynamic link library (DLL) included with the Windows system libraries that implements the SQLite database engine, as vulnerable to attacks exploiting a memory corruption vulnerability (CVE-2025-6965).
Researchers have designed a new device that can efficiently create multiple frequency-entangled photons, a feat that cannot be achieved with today’s optical devices. The new approach could open a path to more powerful quantum communication and computing technologies.
“Entangling particles efficiently is a critical capability for unlocking the full power of quantum technologies—whether to accelerate computations, surpass fundamental limits in precision measurement, or guarantee unbreakable security using the laws of quantum physics,” said Nicolas Fabre from Telecom Paris at the Institut Polytechnique de Paris.
“Photons are ideal because they can travel long distances through optical fibers or free space; however, there hasn’t been a way to efficiently generate frequency entanglement between more than two photons.”
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5074109 & KB5073455 cumulative updates and Windows 10 KB5073724 extended security update.
This month’s Patch Tuesday fixes one actively exploited and two publicly disclosed zero-day vulnerabilities.
As drones survey forests, robots navigate warehouses and sensors monitor city streets, more of the world’s decision-making is occurring autonomously on the edge—on the small devices that gather information at the ends of much larger networks.
But making that shift to edge computing is harder than it seems. Although artificial intelligence (AI) models continue to grow larger and smarter, the hardware inside these devices remains tiny.
Engineers typically have two options, neither of which is ideal. Storing an entire AI model on the device requires significant memory, data movement and computing power that drains batteries. Offloading the model to the cloud avoids those hardware constraints, but the back-and-forth introduces lag, burns energy and presents security risks.
N8n has also warned about the security risk arising from the use of community nodes from npm, which it said can introduce breaking changes or execute malicious actions on the machine that the service runs on. On self-hosted n8n instances, it’s advised to disable community nodes by setting N8N_COMMUNITY_PACKAGES_ENABLED to false.
“Community nodes run with the same level of access as n8n itself. They can read environment variables, access the file system, make outbound network requests, and, most critically, receive decrypted API keys and OAuth tokens during workflow execution,” researchers Kiran Raj and Henrik Plate said. “There is no sandboxing or isolation between node code and the n8n runtime.”
“Because of this, a single malicious npm package is enough to gain deep visibility into workflows, steal credentials, and communicate externally without raising immediate suspicion. For attackers, the npm supply chain offers a quiet and highly effective entry point into n8n environments.”
PRESS RELEASE — The Department of Energy has renewed funding for the Quantum Science Center, with Los Alamos National Laboratory continuing to play a vital role along with Oak Ridge National Laboratory in the center’s mission to advance quantum science and technology. The center will be funded for $125 million over five years to focus on quantum-accelerated high-performance computing.
“The Quantum Science Center is establishing the scientific and technical foundation for quantum computing,” said Mark Chadwick, associate Laboratory director for Simulation, Computing and Theory. “In this new, critical evolution for the center, the integration of quantum and high-performance computing stands to accelerate advancements in crucial scientific areas related to technological progress and even national security applications.”
The Quantum Science Center combines the efforts of three national laboratories, with ORNL hosting the center and Los Alamos a principal partner alongside various universities, industry partners and other laboratories. Created as one of five National Quantum Information Science Research Centers supported by the DOE’s Office of Science, the Quantum Science Center seeks to create a scientific ecosystem for the advancement of fault-tolerant, quantum-accelerated high-performance computing.
President Donald Trump decided to let Nvidia Corp. sell its H200 artificial intelligence chips to China after concluding the move carried a lower security risk because the company’s Chinese archrival, Huawei Technologies Co., already offers AI systems with comparable performance, according to a person familiar with the deliberations.
Administration officials who weighed whether to clear Nvidia’s H200 had considered multiple possible scenarios, factoring in the views of national security hawks in Washington, said the person. Options ranged from exporting zero AI chips to China to allowing exports of everything to flood the Chinese market and overwhelm Huawei. Ultimately the policy backed by Trump called for clearing H200s to China while holding back the latest Nvidia chips for American customers, the person said.
The 2026 Timeline: AGI Arrival, Safety Concerns, Robotaxi Fleets & Hyperscaler Timelines
The rapid advancement of AI and related technologies is expected to bring about a transformative turning point in human history by 2026, making traditional measures of economic growth, such as GDP, obsolete and requiring new metrics to track progress.
Questions to inspire discussion.
Measuring and Defining AGI
🤖 Q: How should we rigorously define and measure AGI capabilities? A: Use benchmarks to quantify specific capabilities rather than debating terminology, enabling clear communication about what AGI can actually do across multiple domains like marine biology, accounting, and art simultaneously.
🧠 Q: What makes AGI fundamentally different from human intelligence? A: AGI represents a complementary, orthogonal form of intelligence to human intelligence, not replicative, with potential to find cross-domain insights by combining expertise across fields humans typically can’t master simultaneously.
📊 Q: How can we measure AI self-awareness and moral status? A: Apply personhood benchmarks that quantify AI models’ self-awareness and requirements for moral treatment, with Opus 4.5 currently being state-of-the-art on these metrics for rigorous comparison across models.
AI Capabilities and Risks.