Browsing Category
Security
99 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
Cisco’s Twice-Monthly Patch Cadence Starts With Catalyst Center and ClamAV Fixes
Cisco’s first July security-advisory drop under its new twice-monthly cadence includes a Catalyst Center arbitrary-file-read flaw and seven ClamAV vulnerabilities affecting Cisco Secure Endpoint. The change gives network and security teams more predictability, but it also means Cisco infrastructure patch planning needs to become a standing operating rhythm, not a quarterly scramble.
SharePoint RCE Gives Admins a July 4 Patch Deadline
CISA has added Microsoft SharePoint Server CVE-2026-45659 to its exploited-vulnerabilities catalog, giving federal agencies until July 4 to apply mitigations and run forensic triage. The flaw was patched in May, but active exploitation means on-prem SharePoint teams should verify builds, review exposure, and check for compromise now.
Verkada and NVIDIA Push Physical AI Deeper Into Security Cameras
Verkada says NVIDIA is now both an investor and technical collaborator as it scales physical AI across more than 2.4 million devices. The deal turns enterprise security cameras into a clearer test case for AI video search, synthetic training data, and governance around real-world monitoring.
Claude Fable 5 Returns With a New Test for AI Jailbreak Rules
Anthropic is restoring Claude Fable 5 after U.S. export controls on Fable 5 and Mythos 5 were lifted. The redeployment brings a new cyber-safety classifier, fallback handling for blocked requests, and a proposed industry framework for scoring AI jailbreak severity.
BlueHammer Ransomware Flag Puts Microsoft Defender Patching Back on the Clock
CISA has updated the Microsoft Defender BlueHammer flaw, CVE-2026-33825, to mark it as used in ransomware campaigns. The flaw was patched in April, but the new flag gives Windows teams a fresh reason to verify Defender updates, endpoint telemetry, and local privilege escalation controls.
Microsoft Defender Starts Watching Local AI Agents on Developer Machines
Microsoft Defender now discovers local AI agents and MCP server configurations across managed endpoints, while preview runtime protection can audit or block prompt-injection attempts in Claude Code and GitHub Copilot CLI before risky tool actions execute.
Claude Sonnet 5 Makes Agentic AI Cheaper to Run
Anthropic launched Claude Sonnet 5 with lower launch pricing, stronger agentic behavior, Claude Code support, and broad availability across Claude plans. For developers, the useful question is not whether it is the flashiest Claude model, but whether its cost, context window, and migration changes make long-running agents easier to put into production.
Apple’s Early Security Updates Show AI Is Shrinking Patch Windows
Apple pushed iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 out before the broader 26.6 release cycle, citing AI-driven security concerns. The update is a practical reminder that patch timing now matters as much as patch content.
Daktronics Controller Flaws Put Public Digital Signs on Patch Watch
CISA is warning that flaws in Daktronics DMP-5000, VFC-DMP-5000, and DMP-8000 controller firmware could expose public display systems to root-level compromise. Operators of billboards, highway signs, venues, hospitals, and other connected displays should patch firmware, change default credentials, and verify that controllers are not reachable from the open internet.
SimpleHelp Exploit Turns Remote Support Into a Credential Theft Pipeline
Attackers are exploiting CVE-2026-48558 in SimpleHelp to turn remote support access into a malware delivery path. Teams should patch, hunt for forged technician sessions, and rotate credentials exposed on managed endpoints.