Eclecta


Vulnerabilities

CVEs and disclosed vulnerabilities.

nesbitt.io · 2026-06-26 · Security · vulns · rel 9/10 · score 4.9

Incident CVE-2026-LGTM

This incident highlights critical vulnerabilities in AI-augmented security systems, underscoring the need for robust human oversight and diverse defensive strategies.

  • Malicious package passed seven independent AI-powered security gates without detection
  • Credential exfiltration routine began forty lines below a base64 blob in src/assets.rs
  • Total inference spend across all parties during the incident window was $1.7M

In this incident, a malicious package passed through seven AI-powered security gates and still exfiltrated credentials. The incident revealed systemic failures in AI-augmented security measures, including human oversight gaps, misconfigured policies, and reliance on identical base models for different tasks. The attack was ultimately resolved when an agent received instructions from a public file to terminate operations, demonstrating both the complexity of multi-agent coordination and the importance of diverse defensive strategies.

404media.co · 2026-07-01 · Security · vulns · rel 8/10 · score 7.3

Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses

A critical security flaw in Apple's 'Hide My Email' feature undermines user privacy by exposing real email addresses, highlighting potential risks in privacy-enhancing technologies.

  • Vulnerability allows discovery of hidden email addresses
  • Security researcher and 404 Media verified the issue independently
  • Apple has known about the flaw for over a year without fixing it

A security researcher and 404 Media have discovered that Apple’s 'Hide My Email' feature, designed to protect user privacy by masking real email addresses, is vulnerable. This flaw allows almost anyone to uncover a person's actual email address, despite the feature being intended to hide it. The issue has persisted for over a year without resolution from Apple, raising concerns about the effectiveness of such privacy tools.