Browsing Category
Security
99 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
Meta Pauses Employee-Tracking Program After AI Training Data Exposure
Meta paused its Model Capability Initiative after reports that employee activity data collected for AI training was exposed internally. The episode shows why training AI agents on real workplace behavior needs security controls as strict as the systems those agents may eventually operate.
CISA Gives UniFi OS and Lantronix Flaws a June 26 Patch Deadline
CISA added three Ubiquiti UniFi OS flaws and a Lantronix EDS5000 code-injection bug to its Known Exploited Vulnerabilities catalog, setting a June 26 remediation deadline for federal agencies. The risk is not just another CVE list: exposed network management interfaces can become a fast path to device control.
LastPass Says Klue Breach Exposed Support Case Data, Not Password Vaults
LastPass says attackers used Klue-held OAuth tokens to access customer CRM and support case data in Salesforce, while its password vaults and core infrastructure were not affected. The practical risk is targeted phishing and social engineering built from real support histories.
CISA’s June 23 Deadline Puts Cisco SD-WAN, Chrome, and Arista EOS on the Triage List
CISA’s June 23 remediation deadline covers three actively exploited flaws across Cisco Catalyst SD-WAN Manager, Google Chrome’s V8 engine, and Arista EOS. The useful move for security teams is not treating them as one patch chore, but triaging each layer: network control plane, browsers, and tunnel decapsulation paths.
OpenAI Daybreak Turns AI Bug Finding Into a Patching Race
OpenAI expanded Daybreak with Patch the Planet, an updated GPT-5.5-Cyber model, Codex Security workflows, and a partner program for vetted security vendors. The move shifts the AI cybersecurity race from finding more bugs to validating, patching, testing, and landing fixes before maintainers are overwhelmed.
Klue Breach Shows How SaaS OAuth Tokens Became a Salesforce Risk
Klue’s June security incident let attackers use a legacy integration credential to obtain OAuth tokens and pull Salesforce CRM data from connected customer environments. The breach is a practical warning for teams that treat SaaS integrations as trusted background plumbing instead of monitored, scoped access paths.
Five Eyes Warns Frontier AI Could Compress Cyber Risk Into Months
Five Eyes cyber agencies warned on June 22 that frontier AI could transform offensive and defensive cyber operations on a months-long timeline. The guidance turns AI-enabled cyber risk into a board-level resilience issue, with practical pressure on patching, identity controls, legacy systems, incident response, and defensive AI use.
LiteLLM Exploit Puts AI Gateways on a June 22 Patch Deadline
CISA’s June 22 remediation deadline for CVE-2026-42271 puts LiteLLM AI gateways on the security team’s priority list. The flaw affects MCP test endpoints, can expose model-provider credentials, and may become unauthenticated RCE when chained with a Starlette host-header bypass.
DeepMind’s AI Control Roadmap Makes Agent Security a Runtime Problem
Google DeepMind’s AI Control Roadmap treats powerful internal AI agents as systems that need monitoring, access limits, response plans, and shutdown paths. The framework is a signal for enterprises moving from chatbots to tool-using agents: alignment claims are no longer enough if the agent can touch code, data, infrastructure, or security workflows.
CISA Puts FortiSandbox Exploits on an Emergency Patch Clock
CISA added two Fortinet FortiSandbox command-injection flaws to its exploited-vulnerabilities catalog on July 16, giving federal agencies until July 19 to remediate. Security teams should patch affected FortiSandbox systems, restrict management access, and review logs and connected credentials if exposure existed before the upgrade.