Browsing Category
Security
99 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
AI Pentesting Is Finding Bugs Faster Than Teams Fix Them
Cobalt’s latest AI pentesting research shows security teams are testing AI apps more often, but serious LLM vulnerabilities still have the lowest fix rate of any category. The useful lesson is not to abandon automation, but to connect AI security tests to ownership, triage, and retesting.
Oracle E-Business Suite Exploit Puts Payments Systems on Patch Watch
Attackers are exploiting CVE-2026-46817, a critical Oracle E-Business Suite flaw affecting Oracle Payments, while Shadowserver is tracking roughly 950 internet-facing EBS instances associated with exposure. Teams should verify May 2026 patches, review iPayment endpoint access, and check logs for suspicious file-transmission activity.
Gemini 3.5 Flash Makes Computer Use a Mainstream Agent Tool
Google has moved computer use into Gemini 3.5 Flash, letting developers build agents that can see screens and act across browser, mobile, and desktop environments. The useful question is how teams design the execution loop, safety gates, and sandbox around it.
Clean GitHub Repos Can Still Trap AI Coding Agents
Mozilla’s 0DIN showed how an AI coding agent can be led from a normal-looking GitHub setup flow into running a DNS-fetched reverse shell. The proof of concept is a warning for teams letting agents install, initialize, and debug unfamiliar projects on developer machines.
GLM-5.2 Puts Open-Weight AI on the Cybersecurity Shortlist
Z.ai's GLM-5.2 is forcing security teams to take open-weight models seriously for vulnerability discovery, code review, and agentic security work. The practical question is no longer whether open models can compete, but how teams should evaluate them safely.
Cisco Unified CM Exploit Gives Voice Servers a June 28 Patch Deadline
CISA gave federal agencies until June 28 to fix CVE-2026-20230, a Cisco Unified Communications Manager SSRF flaw that can write files and lead to root access when WebDialer is enabled. Enterprise teams should treat it as a voice-infrastructure exposure check, not just another Cisco patch.
Meta’s Virtue AI Hires Move Agent Security Into the Model Lab
Meta Superintelligence Labs is hiring Virtue AI co-founders Bo Li, Dawn Song, Sanmi Koyejo and other team members. The move brings automated red teaming, runtime guardrails, and agent-action security closer to Meta’s frontier AI work as labs race to make agents safer before they reach billions of users.
Mythos Limits Are Already Pushing AI Cyber Tools Toward Alternatives
Anthropic’s Mythos 5 is returning only for approved U.S. cyber defenders while Fable 5 remains restricted. In the same week, Sakana AI and 360 Security showed why AI cyber capability is becoming a provider-risk and sovereignty problem, not just a model benchmark race.
ElevenLabs SynthID Rollout Makes AI Voice Watermarking a Public Test
ElevenLabs has started adding Google DeepMind’s SynthID watermark to free text-to-speech generations and plans to expand it across all audio products in July. The move gives listeners a public detector for ElevenLabs-generated audio, but watermarking still has limits that matter for deepfake investigations and platform policy.
GitHub Code Quality Goes Paid July 20: What Teams Should Audit Now
GitHub Code Quality becomes a paid product on July 20, adding a $10-per-active-committer license, GitHub AI Credits for AI-powered checks, and GitHub Actions minutes for CodeQL scans. Teams using the free preview should audit enabled repositories, active committers, Actions usage, AI review behavior, and merge-blocking rules before billing starts.