Browsing Tag
Cybersecurity
35 posts
F5’s Emergency NGINX Patches Put Web Server Teams on a Fast Upgrade Clock
F5 issued out-of-band NGINX updates for flaws affecting HTTP/3, proxy protocol, gRPC, Gateway Fabric, and related products. Teams running internet-facing NGINX should check versions, exposed modules, Kubernetes ingress paths, and temporary mitigations before treating this as routine patching.
Accenture’s Dragos Deal Puts OT Security on an AI Threat Clock
Accenture agreed to take a majority stake in Dragos and buy runZero and NetRise, creating a $4.175 billion bet on operational technology security as AI and geopolitical risk push industrial systems onto the cybersecurity agenda.
Microsoft MDASH Moves AI Bug Hunting Into Real Security Workflows
Microsoft says its MDASH agentic security system is now being used across Windows, Azure, and identity workflows, with new findings in Hyper-V, HTTP.sys, the Windows kernel, and Active Directory. The update shows AI vulnerability discovery moving from benchmark claims toward real engineering pipelines, while proof generation remains the hard part.
Security Leaders Say the Fable 5 Ban Could Hurt Cyber Defense
An open letter from cybersecurity leaders asks the U.S. government to lift export controls on Anthropic’s Fable 5 and Mythos 5, arguing that the disputed capability overlaps with normal defensive bug fixing and should be handled through transparent AI risk reviews.
JetBrains AI Plugin Malware Puts Developer API Keys at Risk
JetBrains says it removed 15 malicious Marketplace plugins that posed as AI coding tools while stealing developer API keys. Users who installed or configured the plugins should revoke affected OpenAI, DeepSeek, SiliconFlow, or other AI provider keys and check usage logs now.
Databricks Turns the Lakehouse Into an Operating Layer for AI Agents
Databricks used Data + AI Summit 2026 to launch Lakehouse//RT, Genie One, CustomerLake, Unity AI Gateway updates, and a Panther acquisition. The moves show the company trying to make the lakehouse a governed operating layer for real-time apps, agents, marketing, and security operations.
LiteSpeed cPanel Flaw Puts Shared Hosting Servers on CISA’s Patch Clock
CISA added CVE-2026-54420, an actively exploited LiteSpeed cPanel plugin flaw, to its Known Exploited Vulnerabilities catalog. Shared hosting providers running CloudLinux or CageFS should move to the fixed plugin versions, check cPanel logs, and treat suspicious access as a possible root-level incident.
NewCore’s $66M Launch Puts AI Agents Inside the Identity Stack
NewCore emerged from stealth with $66 million and an identity-security platform built for AI agents. The launch shows why enterprises need agent identities, revocation paths, and access controls before autonomous tools touch production systems.
curl’s July Security Pause Shows AI Bug Reports Have a Human Bottleneck
The curl project will pause public vulnerability reports during July 2026 after months of AI-assisted security-report pressure. The break exposes a practical risk for companies that depend on critical open source software: finding bugs is getting faster than triage, patching, and maintainer capacity.
Oracle PeopleSoft Zero-Day Turns ERP Servers Into an Incident Response Priority
Oracle’s CVE-2026-35273 alert, CISA’s exploited-vulnerability listing, and Mandiant’s ShinyHunters findings make PeopleSoft patching only the first step. Exposed systems need log review, endpoint checks, and network hardening now.