Browsing Category
Security
99 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
F5’s Emergency NGINX Patches Put Web Server Teams on a Fast Upgrade Clock
F5 issued out-of-band NGINX updates for flaws affecting HTTP/3, proxy protocol, gRPC, Gateway Fabric, and related products. Teams running internet-facing NGINX should check versions, exposed modules, Kubernetes ingress paths, and temporary mitigations before treating this as routine patching.
Accenture’s Dragos Deal Puts OT Security on an AI Threat Clock
Accenture agreed to take a majority stake in Dragos and buy runZero and NetRise, creating a $4.175 billion bet on operational technology security as AI and geopolitical risk push industrial systems onto the cybersecurity agenda.
Microsoft MDASH Moves AI Bug Hunting Into Real Security Workflows
Microsoft says its MDASH agentic security system is now being used across Windows, Azure, and identity workflows, with new findings in Hyper-V, HTTP.sys, the Windows kernel, and Active Directory. The update shows AI vulnerability discovery moving from benchmark claims toward real engineering pipelines, while proof generation remains the hard part.
Security Leaders Say the Fable 5 Ban Could Hurt Cyber Defense
An open letter from cybersecurity leaders asks the U.S. government to lift export controls on Anthropic’s Fable 5 and Mythos 5, arguing that the disputed capability overlaps with normal defensive bug fixing and should be handled through transparent AI risk reviews.
JetBrains AI Plugin Malware Puts Developer API Keys at Risk
JetBrains says it removed 15 malicious Marketplace plugins that posed as AI coding tools while stealing developer API keys. Users who installed or configured the plugins should revoke affected OpenAI, DeepSeek, SiliconFlow, or other AI provider keys and check usage logs now.
Mastra npm Compromise Turns AI Agent Frameworks Into a Supply-Chain Target
Attackers republished more than 140 Mastra npm packages with a poisoned easy-day-js dependency, exposing AI agent developers to an install-time remote payload. Teams that installed affected @mastra packages on June 17 should treat developer machines and CI runners as compromised.
HPE Turns Juniper Into the Network Layer for AI Factories
HPE used Discover 2026 to fold Juniper deeper into its AI data center strategy, adding QFX switches for inference and AMD Helios, Mist and Marvis AIOps updates, and SASE controls for self-driving networks.
Android 17 Starts Rolling Out With Bubbles, Tighter Permissions and Delayed Gemini Tools
Google has started rolling out Android 17 to Pixel devices, with floating app Bubbles, Screen Reactions, stronger permission controls, anti-theft protections, and gaming updates. The more ambitious Gemini Intelligence features are still due later this summer on select advanced devices.
Databricks Turns the Lakehouse Into an Operating Layer for AI Agents
Databricks used Data + AI Summit 2026 to launch Lakehouse//RT, Genie One, CustomerLake, Unity AI Gateway updates, and a Panther acquisition. The moves show the company trying to make the lakehouse a governed operating layer for real-time apps, agents, marketing, and security operations.
LiteSpeed cPanel Flaw Puts Shared Hosting Servers on CISA’s Patch Clock
CISA added CVE-2026-54420, an actively exploited LiteSpeed cPanel plugin flaw, to its Known Exploited Vulnerabilities catalog. Shared hosting providers running CloudLinux or CageFS should move to the fixed plugin versions, check cPanel logs, and treat suspicious access as a possible root-level incident.