Security
62 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
Dream’s $260M Round Turns Sovereign AI Into Cyber Infrastructure
Dream raised $260 million at a $3 billion valuation for sovereign AI and cyber defense systems built for governments. The deal shows how national AI infrastructure and critical-infrastructure security are becoming the same market.
Microsoft AutoJack Research Shows How AI Browsing Agents Can Break Localhost Trust
Microsoft’s AutoJack research shows how an AI browsing agent could turn a malicious webpage into a local remote-code-execution path through AutoGen Studio’s MCP WebSocket surface. The specific issue was fixed before a PyPI release, but the localhost trust problem is bigger than one tool.
Google DeepMind’s AI Control Roadmap Treats Agents Like Insider Threats
Google DeepMind released an AI Control Roadmap for securing powerful internal AI agents. The plan borrows from cybersecurity, maps rogue-agent tactics to a MITRE ATT&CK-style taxonomy, and lays out detection and response tiers for systems that may soon act faster than human reviewers can supervise.
F5’s Emergency NGINX Patches Put Web Server Teams on a Fast Upgrade Clock
F5 issued out-of-band NGINX updates for flaws affecting HTTP/3, proxy protocol, gRPC, Gateway Fabric, and related products. Teams running internet-facing NGINX should check versions, exposed modules, Kubernetes ingress paths, and temporary mitigations before treating this as routine patching.
Accenture’s Dragos Deal Puts OT Security on an AI Threat Clock
Accenture agreed to take a majority stake in Dragos and buy runZero and NetRise, creating a $4.175 billion bet on operational technology security as AI and geopolitical risk push industrial systems onto the cybersecurity agenda.
Microsoft MDASH Moves AI Bug Hunting Into Real Security Workflows
Microsoft says its MDASH agentic security system is now being used across Windows, Azure, and identity workflows, with new findings in Hyper-V, HTTP.sys, the Windows kernel, and Active Directory. The update shows AI vulnerability discovery moving from benchmark claims toward real engineering pipelines, while proof generation remains the hard part.
Security Leaders Say the Fable 5 Ban Could Hurt Cyber Defense
An open letter from cybersecurity leaders asks the U.S. government to lift export controls on Anthropic’s Fable 5 and Mythos 5, arguing that the disputed capability overlaps with normal defensive bug fixing and should be handled through transparent AI risk reviews.
JetBrains AI Plugin Malware Puts Developer API Keys at Risk
JetBrains says it removed 15 malicious Marketplace plugins that posed as AI coding tools while stealing developer API keys. Users who installed or configured the plugins should revoke affected OpenAI, DeepSeek, SiliconFlow, or other AI provider keys and check usage logs now.
Mastra npm Compromise Turns AI Agent Frameworks Into a Supply-Chain Target
Attackers republished more than 140 Mastra npm packages with a poisoned easy-day-js dependency, exposing AI agent developers to an install-time remote payload. Teams that installed affected @mastra packages on June 17 should treat developer machines and CI runners as compromised.
HPE Turns Juniper Into the Network Layer for AI Factories
HPE used Discover 2026 to fold Juniper deeper into its AI data center strategy, adding QFX switches for inference and AMD Helios, Mist and Marvis AIOps updates, and SASE controls for self-driving networks.