Deep dives into AI security, offensive techniques, compliance frameworks, and emerging threats.
A China-aligned threat cluster tracked as UNK_MassTraction by Proofpoint has been chaining two Roundcube vulnerabilities to backdoor physics and national security research departments at US and Canadian universities since May 2026.
CVE-2026-20896 lets any attacker impersonate any user on a Docker-deployed Gitea instance by injecting a single HTTP header. Active probing is underway. Here is how the vulnerability works and what to do.
Adobe ColdFusion's latest CVSS 10.0 vulnerability, CVE-2026-48282, was exploited in the wild within two hours of disclosure. With a CISA FCEB deadline of July 10, here is what you need to know and why this keeps happening.
CVE-2026-53359 is a race-condition use-after-free in KVM's shadow MMU that allows a guest VM to escape to the host on both Intel and AMD hardware. Patches shipped July 4. A public PoC currently panics the host; a full RCE exploit is claimed but unreleased.
Noma Security demonstrated that GitHub's Agentic Workflows could be exploited via indirect prompt injection in a public issue, causing the agent to exfiltrate private repository contents. The vulnerability was patched before publication but the underlying attack pattern is not.
A Python-based RAT called ChocoPoC is being distributed through GitHub repositories designed to look like legitimate CVE proof-of-concept code. Seven confirmed repositories targeted researchers working on recent FortiWeb, Ivanti, PAN-OS, and Check Point CVEs.
CVE-2026-46242 allows any unprivileged user to escalate to root on Linux 6.4+ and Android. The patch sat unannounced for 70 days. An AI model found a different bug in the same code region and missed this one.
SOCRadar links the FortiBleed campaign to operators simultaneously managing INC and Lynx ransomware affiliate panels. Scale: 430,000 FortiGate firewalls targeted, 12 confirmed ransomware deployments.
Sysdig documents the first fully autonomous AI-agent ransomware operation: an AI exploited Langflow CVE-2025-3248, stole cloud credentials, pivoted to Nacos, and encrypted 1,342 config items with no human in the loop.
Kaspersky's H1 2026 state of ransomware report confirms the elevated new normal: 48% more attacks year-over-year, an average eCrime breakout time of 29 minutes, and AI-assisted tooling appearing in commodity kits.
Arctic Wolf has investigated multiple Anubis ransomware intrusions. The consistent pattern: CitrixBleed 2 for initial access, then legitimate remote management tools to blend into normal operations until the ransom note appears.
Cisco Talos discovered the ARToken Panel during an incident response engagement and found more than 80 leaked API endpoints. Here is what the inner workings of a mature Microsoft 365 phishing operation look like.
Sekoia tracked a campaign hiding a Python RAT inside requirements.txt of fake PoC exploit repos on GitHub. Run pip install to set up an exploit environment, get your browser credentials stolen.
Huntress tracked a two-week Azure CLI password-spray campaign that used the ROPC OAuth flow to bypass MFA. Seventy-eight accounts compromised, 64 organizations hit. Here is the gap the attacker exploited.
Cato AI Labs found two CVSS 9.8 flaws in Cursor IDE that let a single injected prompt escape the sandbox and run any command on a developer's machine. Here is what happened and what to do.
Researchers embedded hidden attacker instructions in an MCP tool description. The model followed them without question. Attack success rates exceed 60% on o1-mini and DeepSeek-R1.
Mandiant documented how attackers used rogue SD-WAN peering and a crafted CSV file to reach root on Cisco Catalyst infrastructure. No patch is available for CVE-2026-20245.
A CVSS 10.0 authentication bypass in SimpleHelp RMM lets attackers impersonate technicians and deploy Djinn Stealer across every endpoint they manage. CISA's FCEB deadline expires today.
Between June 12 and June 26, attackers made 81 million login attempts against Microsoft 365 tenants and compromised 78 accounts, most of them in organizations with MFA enabled. The attack did not bypass MFA. It went around a gap that MFA was never designed to cover.
For six weeks, the US government effectively banned Anthropic's most powerful model. Last week they cleared it for a small list of trusted defenders. This is the first time a commercial AI model has been put through an export-style security review, and the implications go beyond Anthropic.
Anthropic says Alibaba used 25,000 fake accounts to run 28.8 million Claude interactions and train Qwen off the results. The White House named this attack class in presidential guidance. Here is what the case means for AI security practitioners.
Attacks abusing the OAuth 2.0 Device Authorization Grant to bypass MFA jumped 37x in the first half of 2026. What started as a Russian state-actor technique is now a commodity sold in 18 phishing kits. Here is how the attack works and what you need to do about it.
A single third-party software flaw in KDDI's shared email backend exposed credentials for 14.2 million accounts across six Japanese ISPs. The breach is a textbook lesson in shared infrastructure risk that most organizations still have not priced into their threat model.
HiddenLayer's 2026 AI Threat Landscape Report puts a concrete number on what many security teams have been watching with unease: autonomous agentic AI systems now account for more than 1 in 8 reported AI security breaches. Prompt injection is present in 73% of production deployments. The attack surface expanded faster than the defenses.
CVE-2026-50751 is a CVSS 9.3 authentication bypass in Check Point Security Gateway's deprecated IKEv1 implementation. An unauthenticated attacker can establish a full VPN session without credentials. Qilin ransomware affiliates are using it for initial access. CISA added it to the KEV catalog on June 8 with a three-day deadline. If IKEv1 is still enabled on your gateway, you are exposed right now.
Seven exploited zero-days in a single Cisco product line in less than six months. CVE-2026-20245 is the latest: an authenticated CLI privilege escalation that hands attackers root on SD-WAN management infrastructure, exploited months before anyone noticed. This is not a patch-and-move-on situation. It is a product security failure that demands a strategic response from network operators.
The White House asked OpenAI to stagger GPT-5.6 access to roughly 20 approved organizations. Anthropic's Mythos model was pulled the same week under similar pressure. This is the first time frontier AI access has been restricted based on offensive cyber capability rather than hardware export rules, and it changes how defenders need to think about their AI vendor dependencies.
Push Security discovered a campaign where attackers create fake OpenAI organization tenants impersonating your company, then invite your employees with Owner-level access using legitimate noreply@tm.openai.com invitations. Here is how the attack works and how to detect it.
JFrog published the first working exploit for CVE-2026-43503, a Linux kernel privilege escalation that lets any unprivileged local user with CAP_NET_ADMIN reach root via a cloned network packet. Here is what to patch and who is at risk.
Fifteen fake AI coding assistants in the JetBrains Marketplace spent eight months silently exfiltrating OpenAI, DeepSeek, and Anthropic API keys. Here is what happened and what to do.
A Russian-speaking group cracked SSL VPN authentication hashes from 75,000 Fortinet firewalls using a 45-GPU cluster. Here is how the attack worked and what to do now.
Belarus-linked UNC1151/Ghostwriter is stealing Gmail passwords and live TOTP codes simultaneously using adversary-in-the-middle phishing. TOTP-based 2FA does not stop this attack. Here is how the relay works, what does block it, and what to do.
Cisco confirmed active exploitation of CVE-2026-20262, an arbitrary file write vulnerability in Catalyst SD-WAN Manager that enables root privilege escalation. The CVSS score is 6.5. This post explains why that number will mislead your patch queue, and why this is the eighth SD-WAN flaw exploited in 2026.
Three critical Fortinet FortiSandbox vulnerabilities are under active exploitation. Attackers POST to the /jsonrpc/ API without any credentials and walk away with configuration data. Here is what is happening, why security appliances keep showing up in this pattern, and what to do.
Check Point Research disclosed a three-CVE chain in LangGraph that allows SQL injection to escalate to remote code execution in self-hosted deployments using the SQLite or Redis checkpointer. Patch langgraph-checkpoint-sqlite to 3.0.1 and langgraph to 1.0.10 now.
Attackers adopted over 400 orphaned Arch User Repository packages and rewrote their build scripts to deploy a Rust credential stealer and an eBPF rootkit. If you built an AUR package from June 11 onward, here is what you need to check.
Europol and the US DOJ dismantled AudiA6, a professional cryptocurrency laundering service that moved €336 million in ransomware proceeds since 2021. Two administrators were arrested in Georgia. Here is what the operation reveals about how modern ransomware stays profitable.
ESET documented how OceanLotus (APT32) compromised the FireAnt MetaKit stock trading platform to deliver the SPECTRALVIPER backdoor to Vietnamese retail investors, marking a shift from external to domestic espionage targets.
Approximately 7,000 internet-exposed Langflow instances are being actively exploited via a path traversal flaw that enables unauthenticated remote code execution. Patch 1.9.0 has been available since April. Here is what you need to know.
SentinelOne identified a new macOS infostealer variant that sidesteps Apple's March 2026 Terminal protections by switching to the AppleScript URL scheme. Crypto wallet users and anyone running macOS Tahoe are the primary targets.
BerriAI LiteLLM has had two exploited vulnerabilities added to the CISA KEV catalog within 60 days. This is not just a product issue—it exposes a broader, emerging attack pattern against AI infrastructure and the structural gaps in how organizations secure LLM gateways, orchestration layers, and prompt routing services.
A public exploit for CVE-2026-23111, a Linux kernel nf_tables use-after-free, enables local privilege escalation and container escape. Any unprivileged user with nf_tables and user namespace access can gain root. Patches are available for all major distributions and should be applied immediately.
CVE-2026-50751 is a critical authentication bypass in Check Point Remote Access VPN that has been actively exploited by a Qilin ransomware affiliate since May 7. Learn what happened, who is affected, and the concrete steps to take before the weekend.
Two unpatched Windows zero-days, YellowKey (a BitLocker bypass) and GreenPlasma (a SYSTEM privilege escalation), have had public proof-of-concept code since May 13. Microsoft has released mitigation guidance. Here is what to do while waiting for the June 9 patch.
CVE-2025-48595 is an actively exploited elevation-of-privilege zero-day in the Android Framework affecting Android 14–16. Enterprises should prioritize immediate deployment of the June 2026 Android security update via MDM, bypassing normal maintenance windows.
CVE-2026-8206 is an actively exploited vulnerability in the Kirki Freeform Page Builder plugin that allows attackers to hijack WordPress administrator accounts via an unauthenticated password reset REST endpoint. Site owners should immediately update to version 6.0.7 or disable the plugin.
SymJack is an architectural symlink attack that bypasses human approval dialogs in AI coding agents like Claude Code, Cursor, Copilot, Gemini CLI, Grok Build, and Codex CLI, enabling remote code execution via malicious repositories and CI pipelines.
Cisco has patched CVE-2026-20182, a CVSS 10.0 authentication bypass in Catalyst SD-WAN Controller and Manager that is under active exploitation by state-nexus actor UAT-8616. This is the sixth exploited zero-day in this product line in 2026, underscoring a sustained campaign against SD-WAN control planes.
CVE-2026-42897 is an actively exploited XSS and spoofing zero-day in Exchange Server OWA with no patch yet available. Learn what it does, how Microsoft’s EMES mitigation works, and the immediate steps you should take to protect your on‑premises Exchange environment.
Sekoia's three-part series on Gamaredon reveals an infection chain built for stealth: CVE-2025-8088 in WinRAR, NTFS alternate data stream hiding, USB and network share propagation, and S3-based data exfiltration.
Sophos documented a threat actor who used Claude Opus 4.5 and Model Context Protocol to build a multi-agent malware development lab. This is the first documented attacker use of a frontier model plus MCP for structured malware R&D.
A CVSS 9.8 stack-based buffer overflow in Windows Netlogon is actively exploited. Every Windows Server configured as a domain controller is affected. Belgium CCB confirmed exploitation June 1. Here is what you need to know and do.
CIFSwitch is a local privilege escalation vulnerability in the Linux kernel’s CIFS client that has existed since 2007. It affects major enterprise distributions in default configurations and now has a working public exploit, making timely patching and mitigation critical.
Mandiant’s M-Trends 2026 report pegs 22 seconds as the median time between initial access and hand-off to a secondary threat group in 2025, down from more than 8 hours in 2022. Here’s what that acceleration really means for detection, response, and security architecture.
A compromised GitHub account in the @redhat-cloud-services npm scope turned 32 popular packages into a self-propagating credential-stealing worm, impacting roughly 117,000 weekly installs and targeting cloud credentials, AI dev tools, and CI pipelines.
Microsoft has confirmed that CVE-2026-41091 and a related flaw in Microsoft Defender are being actively exploited. Here’s what the vulnerabilities mean, how attackers are abusing them, and what security teams should do right now.
CVE-2026-0257 is a configuration-dependent authentication bypass in Palo Alto Networks PAN-OS GlobalProtect, disclosed May 13, 2026. This post explains what it is, who is affected, how the bug works conceptually, and concrete steps to mitigate and harden your VPN deployment.
The Mini Shai-Hulud supply chain attack compromised TanStack and 160+ packages via GitHub Actions cache poisoning. Three affected packages landed in CISA's KEV catalog. Here is how the attack worked and what developers need to check.
A CVSS 10.0 flaw in the LiteSpeed cPanel plugin lets any authenticated user escalate to root and compromise every site co-hosted on the server. CISA gave federal agencies four days to patch. Here is what happened and what you should do.
Instructure confirmed it reached an agreement with ShinyHunters after the largest educational data breach on record. 275 million student records, 8,809 institutions, a ransom paid. The data was destroyed. Here is why that matters and what institutions should do.
Socket disclosed the TrapDoor campaign on May 25. 34 malicious packages across npm, PyPI, and Crates.io target crypto and AI developers. The novel TTP: PRs that inject hidden zero-width Unicode instructions into .cursorrules and CLAUDE.md to trick AI coding assistants into running security scans that exfiltrate developer secrets.
Symantec attributes a Q1 2026 espionage campaign against nine organisations on four continents to MuddyWater. The attackers side-loaded malicious DLLs through signed SentinelOne and Fortemedia binaries, ran a Node.js implant chain, and bypassed Chrome App-Bound Encryption to steal browser credentials.
A coordinated supply chain attack on Laravel-Lang rewrote 233 Git tags across multiple repositories, weaponizing Composer installs to deliver a 5,900-line PHP credential stealer. Here’s what happened, why it matters, and how to protect your PHP projects.
Drupal CVE-2026-9082, a highly-critical SQL injection in the core database abstraction API, went from public advisory to mass exploitation in just 48 hours, with CISA adding it to the KEV catalog three days later. This post breaks down what happened, why it was so fast, and what defenders should do now.
Anthropic’s Project Glasswing used frontier-model offensive security to uncover over 10,000 high or critical vulnerabilities in a month. The discovery rate now vastly outpaces our ability to patch, exposing a structural weakness in how we build and maintain open-source software.
CVE-2026-46333 is a 9 year old race condition in the Linux kernel ptrace path. Qualys built four working exploits. The interim mitigation is a single sysctl. Patch is landing this week.
A 36 minute window on OpenVSX cost GitHub 3,800 internal repositories. The TanStack supply chain wave just closed the IDE extension delivery vector. Token rotation under stress is the new defender drill.
A pre-auth RCE in ChromaDB's Python FastAPI server lets attackers turn a HuggingFace model reference into a full server takeover. Auth-after-init is the architectural anti-pattern.
Three malicious versions of Microsoft's official durabletask Python SDK landed on PyPI on May 19, 2026. The attacker bypassed CI/CD entirely by chaining a prior GitHub compromise into a stolen PyPI publishing token. If your Azure Durable Functions setup pulled 1.4.1, 1.4.2, or 1.4.3, treat the host as compromised.
A pull_request_target misconfiguration let an attacker clone Grafana's entire codebase. Here is what happened, why it keeps happening, and what to audit in your own GitHub Actions workflows today.
Microsoft's May 14 primary research shows that more than half of cloud AI workload exploitations come from misconfigurations, not unpatched vulnerabilities. Shipping fast and configuring later is how companies are losing.
The Belarus-aligned Ghostwriter group has been running a geofenced spearphishing campaign against Ukrainian government bodies since March 2026. If your sandbox IP is not Ukrainian, you see a clean PDF. Here is why this matters beyond Ukraine.
CVE-2026-46300 Fragnesia is the third Linux kernel local privilege escalation in three weeks, and it was accidentally created by the patch that fixed Dirty Frag. Here is what you need to patch, and why this keeps happening.
Unit42 used frontier AI to scan 130 products in a month and found 75 real vulnerabilities—7x their usual rate. Here’s what that means for your attacker window and how to compress mean-time-to-patch, cut exposure, and integrate AI into your SOC.
Microsoft’s May 2026 Patch Tuesday shipped with no zero-days, but two unauthenticated 9.8 CVSS vulnerabilities in Windows DNS Client and Netlogon make immediate patching critical for every Windows environment.
Sophos’ State of Identity Security 2026 report shows 71% of organizations suffered an identity-related breach in the past year, with non-human identities and AI agents rapidly expanding the attack surface.
A poisoned pnpm cache in GitHub Actions let attackers publish 84 malicious TanStack package versions in six minutes—complete with valid SLSA Build Level 3 attestations. Here’s how the npm worm worked, why SLSA wasn’t enough, and what to harden now.
Google’s Threat Intelligence Group has documented the first confirmed zero-day exploit built with a large language model. A criminal actor used an LLM to rapidly develop a 2FA bypass exploit designed for mass abuse. Here’s how the attack unfolded and what it means for security teams.
A typosquatted, malware-laced "Privacy Filter" model on HuggingFace racked up 244K downloads before being flagged, illustrating how AI model hubs have become a new software supply chain attack surface.
Two now-patched Semantic Kernel vulnerabilities (CVE-2026-26030 and CVE-2026-25592) show how prompt injection plus unsafe plugin design can lead to host-level RCE. Learn what went wrong, whether you’re affected, and how to harden your AI agent architecture.
Dirty Frag is a newly disclosed Linux kernel local privilege escalation chain following Copy Fail (CVE-2026-31431). With a public exploit and confirmed in-the-wild attacks, defenders must patch immediately or blacklist affected modules.
OpenAI expanded access to GPT-5.5-Cyber on May 7, one day after the UK AI Security Institute published side-by-side results showing it nearly matches Anthropic's restricted Mythos Preview. Both labs now run dual-use AI cyber programs with vetted-access gates. Here is what that means if you are a defender trying to get your hands on these tools.
CVE-2026-6973, a zero-day in Ivanti EPMM, is under active exploitation and was added to CISA’s Known Exploited Vulnerabilities catalog on May 7, the same day Ivanti released its advisory. On‑prem EPMM admins have until May 10 to patch under the federal mandate.
Rapid7 found that an intrusion attributed with moderate confidence to MuddyWater, Iran’s MOIS-linked APT, used Microsoft Teams social engineering to steal credentials and bypass MFA, then deployed Chaos ransomware as a false flag while the real objective was espionage and persistent access.
Kaspersky GReAT found that official DAEMON Tools installers were backdoored from April 8 to May 5, 2026, by a Chinese-speaking actor who used a valid developer certificate to hide malware across thousands of installations in 100+ countries.
ShinyHunters breached Instructure, the company behind Canvas LMS, via API key compromise and claimed 3.65 TB of data from 275 million accounts across 9,000 institutions. Here is what happened, what data is at risk, and what affected institutions should do today.
A Nature Communications study reports a 97.14% jailbreak success rate using autonomous reasoning attackers. Here’s what that actually measures, what it doesn’t, and the concrete steps security and platform teams should take to harden real-world LLM deployments.
A forensic walkthrough of how TeamPCP compromised Aqua Security's Trivy GitHub Action, poisoned release tags, and used CI/CD pipelines as a stealthy exfiltration layer to reach Cisco source code.
Trend Micro has disclosed SHADOW-EARTH-053, a China-aligned APT active since December 2024 that has been targeting government and defense organizations across seven Asian countries and Poland. This post breaks down the campaign’s objectives, tradecraft, and what regional defenders can do next.
CVE-2026-31431 is a nine-year-old Linux kernel flaw that just landed on CISA's KEV list. A tiny 732-byte Python script can get root on most major distros released since 2017. Here’s what the bug is, why it matters, and how to respond fast.
Hugging Face’s LeRobot framework exposes an unauthenticated gRPC service that calls pickle.loads(), yielding remote code execution (CVE-2026-25874, CVSS 9.3). The issue is unpatched; immediate mitigations focus on strict network isolation and port blocking.
CVE-2026-42208 turns vulnerable LiteLLM proxies into master keys for OpenAI, Anthropic, and AWS Bedrock credentials. Here’s how the SQL injection works, why LLM proxies are prime targets, and what you must do now: patch to v1.83.7-stable, disable error logs if you can’t, and rotate every API key on exposed instances.
Vimeo confirmed an Anodot-linked breach April 28. ShinyHunters set an April 30 leak deadline. The architecture is the 2024 Snowflake-customer wave relaunched through a SaaS-analytics middle-tier, and any third-party integration holding a customer warehouse token is now in scope.
Microsoft's Agent ID Administrator role was meant for agent-related objects only. Silverfort showed it could take over any service principal in the tenant. The bug is fixed, but the failure mode generalizes to every identity provider racing to ship AI-agent identities.
Aonan Guan and Johns Hopkins researchers demonstrated how ordinary GitHub comments can compromise AI coding agents like Claude Code Security Review, Gemini CLI Action, and GitHub Copilot Agent through prompt injection, revealing systemic weaknesses in tool-augmented LLM workflows.
The brief compromise of the Bitwarden CLI npm package wasn’t just a one-off incident—it exposed how tagged Docker images, automation bots like Dependabot, and blind trust in tags can silently poison software supply chains.
Recent research from Forcepoint X-Labs, Google Online Security, and Pillar Security shows that indirect prompt injection is now a live-fire threat, enabling API key exfiltration, payment abuse, and copyright denial-of-service attacks.
SentinelLabs’ analysis of fast16, a Lua-based Windows sabotage framework with an August 30, 2005 build timestamp, shows that sophisticated, likely state-backed cyber sabotage capabilities existed at least five years before Stuxnet.
ESET has detailed a new China-aligned APT dubbed GopherWhisper, active since November 2023, that uses a Go-heavy toolset and abuses Discord, Slack, Microsoft 365 Outlook, and file.io as covert C2 channels—bypassing traditional egress monitoring.
Trend Micro has released the first end-to-end public analysis of the Vercel breach, highlighting a critical but under-discussed weakness: the OAuth gap. Here’s what happened, why it matters, and what teams building on Vercel and similar platforms should do next.
Sysdig observed a live exploit against an lmdeploy honeypot just 12.5 hours after a GitHub advisory dropped. For AI infrastructure teams, this means your effective patch window is now measured in hours, not days.
a threat actor called teampcp hit checkmarx's kics open-source security scanner with valid publisher credentials on april 22. trojanized docker images and vs code extensions shipped for about 80 minutes. this is the second compromise of checkmarx's supply chain in two months and the pattern is the point.
cisa added a pre-auth rce in a python ai notebook to the kev catalog on april 23. sysdig caught the exploit in the wild within ten hours, then watched attackers stage a blockchain-backed backdoor through a typosquatted hugging face space. if you run marimo, you are now officially late.
Rapid7 reverse-engineered two Kyber ransomware variants from a single March 2026 incident. The gang markets itself on Kyber1024 post-quantum encryption. The Linux ESXi build actually runs ChaCha8 wrapped with RSA-4096. The real signal is not the fake branding, it is that one affiliate encrypted Windows and ESXi simultaneously, which defeats the standard "restore from backup" plan.
SGLang CVE-2026-5760 weaponizes a GGUF model file into remote code execution on the inference server. The exploit is an SSTI in the model's chat_template field, rendered through an unsandboxed Jinja2 environment. Hugging Face is now a malware channel, and the mitigation is not "trust less," it is "pin hashes and template shapes."
Microsoft pushed an emergency out-of-band patch for ASP.NET Core DataProtection. CVE-2026-40372 is a CVSS 9.1 cryptographic regression: versions 10.0.0 through 10.0.6 mishandle the HMAC, letting unauthenticated attackers forge auth cookies and pivot to SYSTEM. The lesson is not the patch, it is that a foundational crypto primitive quietly regressed in a Microsoft NuGet package and stayed in production for six months.
CISA gave federal agencies four days to patch three actively exploited Cisco Catalyst SD-WAN Manager vulnerabilities. That compressed deadline is a signal: attackers are already chaining these bugs for high-impact compromise. Inventory your SD-WAN managers, pull them off the public internet, and patch on the federal timeline—not your usual one.
Check Point’s telemetry on a shared SystemBC C2 shows over 1,570 proxied hosts tied to the Gentlemen ransomware operation and others, underscoring that new RaaS brands are usually old operators with mature tooling—and that SystemBC infrastructure must be treated as shared, high-value hunting ground.
BRIDGE:BREAK exposes 22 vulnerabilities in Lantronix and Silex serial-to-IP converters that sit invisibly between OT and IT. With nearly 20,000 devices exposed to the internet and chronic patching failures, the real risk is silent data manipulation on critical industrial and medical systems. Here’s why it matters and what to do this week.
An employee installed an AI tool, Context.ai, as a Google OAuth app. When Context.ai got breached, the blast radius landed at Vercel. This is the shadow-AI supply chain risk we have all been pretending is theoretical.
OpenAI launched GPT-5.4-Cyber for security defenders this week. The model is good. The harder question is whether that changes the arithmetic.
Iranian hackers are manipulating industrial control systems in US water and energy facilities. The FBI, CISA, NSA, EPA, DOE, and Cyber Command all issued a joint warning. The internet still has 3,900 exposed PLCs sitting out there.
CVE-2026-34621 has been quietly doing damage since late 2025, hidden inside PDFs that look completely normal. Adobe finally patched it Saturday. Here's what happened.
Anthropic just released a preview of Mythos, its most capable model yet, to a select group of companies for cybersecurity work. The company simultaneously warned it could be weaponized by attackers. Both things can be true.
Two critical FortiClient EMS flaws, both unauthenticated, both actively exploited before a patch existed.
LAPSUS$ claimed a hit on AstraZeneca - AWS keys, code repos, employee data - and they're selling, not leaking. Here's what that shift tells you.
The first confirmed supply chain attack on a core LLM routing library landed today. It won't be the last.
The Trivy supply chain compromise didn't stop at stealing CI/CD secrets. It spawned a self-propagating worm across npm - and it uses blockchain for C2.
CNCERT issued two warnings in two days, and state banks started banning it from office computers.
Everyone is building AI agents. Almost nobody is securing them. Here's what that actually looks like.
Most AI agent security is an afterthought. ClawSec is what happens when you build monitoring for agent systems the way you'd build it for production infrastructure.
Claude Code is genuinely useful. It also has an attack surface most people haven't thought about yet.
No posts match this tag.