Security
62 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
Android 17 Starts Rolling Out With Bubbles, Tighter Permissions and Delayed Gemini Tools
Google has started rolling out Android 17 to Pixel devices, with floating app Bubbles, Screen Reactions, stronger permission controls, anti-theft protections, and gaming updates. The more ambitious Gemini Intelligence features are still due later this summer on select advanced devices.
Databricks Turns the Lakehouse Into an Operating Layer for AI Agents
Databricks used Data + AI Summit 2026 to launch Lakehouse//RT, Genie One, CustomerLake, Unity AI Gateway updates, and a Panther acquisition. The moves show the company trying to make the lakehouse a governed operating layer for real-time apps, agents, marketing, and security operations.
LiteSpeed cPanel Flaw Puts Shared Hosting Servers on CISA’s Patch Clock
CISA added CVE-2026-54420, an actively exploited LiteSpeed cPanel plugin flaw, to its Known Exploited Vulnerabilities catalog. Shared hosting providers running CloudLinux or CageFS should move to the fixed plugin versions, check cPanel logs, and treat suspicious access as a possible root-level incident.
NewCore’s $66M Launch Puts AI Agents Inside the Identity Stack
NewCore emerged from stealth with $66 million and an identity-security platform built for AI agents. The launch shows why enterprises need agent identities, revocation paths, and access controls before autonomous tools touch production systems.
curl’s July Security Pause Shows AI Bug Reports Have a Human Bottleneck
The curl project will pause public vulnerability reports during July 2026 after months of AI-assisted security-report pressure. The break exposes a practical risk for companies that depend on critical open source software: finding bugs is getting faster than triage, patching, and maintainer capacity.
Oracle PeopleSoft Zero-Day Turns ERP Servers Into an Incident Response Priority
Oracle’s CVE-2026-35273 alert, CISA’s exploited-vulnerability listing, and Mandiant’s ShinyHunters findings make PeopleSoft patching only the first step. Exposed systems need log review, endpoint checks, and network hardening now.
NIST’s AI Guardrail Proof Makes Prompt Injection a Continuous Security Problem
NIST says a fixed set of AI guardrails cannot be universally robust against adaptive adversarial prompts. For teams deploying AI agents, the practical answer is continuous red-teaming, guardrail updates, access limits, and recovery planning.
Splunk Enterprise Flaw Hits CISA’s Exploited-Vulnerability List
CISA added CVE-2026-20253 to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, and Splunk now says it is aware of limited exploitation. Affected self-managed Splunk Enterprise 10.0 and 10.2 systems should upgrade or carefully apply the PostgreSQL sidecar mitigation.
FCC Burner Phone Proposal Would Turn Phone Privacy Into a KYC Fight
The FCC’s proposed know-your-customer rule would push voice providers to collect and retain more identity data before activating service. The anti-robocall plan also raises a direct fight over prepaid phones, anonymous numbers, and mobile privacy.
Android Fake Call Detection Uses RCS to Fight AI Voice Scams
Google’s Android fake call detection uses an encrypted RCS signal in Phone by Google to warn when a saved contact’s number may be spoofed. The protection is useful, but only works when both phones meet the requirements.