eSecurity Planet

Website offering cybersecurity news and IT security strategy guidance.

RSAC 2026: How Zscaler Is Securing the AI Ecosystem
News | Mar 27, 2026

At RSAC 2026, Zscaler unveiled an AI Security Suite that moves beyond point‑solution fixes to protect the entire AI ecosystem. The platform delivers an inventory of AI assets, applies zero‑trust controls to AI traffic, and automates lifecycle defenses such as...

By eSecurity Planet
Ransomware’s Opening Play: Target Identity First
News | Mar 17, 2026

Ransomware groups are shifting focus from encrypting files to compromising identity infrastructure such as Active Directory, Entra ID, and Okta. Semperis research shows 83% of ransomware attacks involve identity compromise, and 56% of attacks succeed, causing widespread operational disruption. By...

By eSecurity Planet
Surfshark vs NordVPN (2026): Which VPN Wins? Full Breakdown
News | Mar 17, 2026

The 2026 guide pits Surfshark against NordVPN, breaking down pricing, server coverage, connection limits, speed, and security tools. Surfshark’s One plan starts at $2.49 per month, offers unlimited simultaneous devices, and covers 3,200+ servers in 100 countries. NordVPN begins at $3.39 per...

By eSecurity Planet
AiLock Ransomware Claims England Hockey Data Breach
News | Mar 13, 2026

England Hockey confirmed a ransomware investigation after the AiLock gang claimed to have stolen roughly 129 GB of internal data and threatened public release. The group, known for its double‑extortion tactics, encrypts files using ChaCha20 and a post‑quantum NTRUEncrypt algorithm. England...

By eSecurity Planet
Hack the AI Brain: LangSmith Vulnerability Could Expose Sensitive AI Data
News | Mar 13, 2026

Researchers at Miggo Security uncovered CVE‑2026‑25750 in LangSmith, an AI observability platform used to monitor LLM applications. The flaw stems from an unvalidated baseUrl parameter in LangSmith Studio, allowing a malicious URL to redirect authenticated API calls to an attacker‑controlled...

By eSecurity Planet
Active Directory Flaw Enables SYSTEM Privilege Escalation
News | Mar 12, 2026

Microsoft disclosed CVE-2026-25177, an Active Directory Domain Services flaw with an 8.8 CVSS rating that lets attackers manipulate Service Principal Names using hidden Unicode characters. The vulnerability enables privilege escalation to SYSTEM level across the domain, even with minimal initial...

By eSecurity Planet
Microsoft .NET Vulnerability Enables Remote DoS Attacks
News | Mar 11, 2026

Microsoft disclosed CVE‑2026‑26127, an out‑of‑bounds read flaw in the .NET framework that enables unauthenticated attackers to trigger remote denial‑of‑service conditions. The vulnerability affects multiple .NET versions and carries a CVSS rating of 7.5, indicating high severity. Microsoft has released a...

By eSecurity Planet
AVideo Zero-Click Flaw Lets Attackers Hijack Live Streams
News | Mar 9, 2026

A zero‑click command injection flaw (CVE‑2026‑29058) was found in the open‑source AVideo streaming platform’s objects/getImage.php endpoint. The vulnerability decodes a Base64‑encoded parameter and injects it directly into an ffmpeg shell command, allowing unauthenticated attackers to execute arbitrary code. Exploitation can...

By eSecurity Planet
CleanMyMac Imposter Site Installs SHub Stealer on Macs
News | Mar 9, 2026

A counterfeit CleanMyMac website (cleanmymacos.org) lures macOS users into pasting a malicious Terminal command, which installs the SHub Stealer infostealer. The script bypasses Gatekeeper, notarization and XProtect by executing directly in the user’s shell. Once installed, the loader checks for...

By eSecurity Planet
AWS-LC Flaws Could Bypass Certificate Verification
News | Mar 6, 2026

Amazon disclosed three critical flaws in its open‑source AWS‑LC cryptographic library, including CVE‑2026‑3336 and CVE‑2026‑3338, which can bypass PKCS7 signature verification, and CVE‑2026‑3337, a timing side‑channel in AES‑CCM. The vulnerabilities affect AWS‑LC, AWS‑LC‑FIPS and language bindings such as aws‑lc‑sys. No...

By eSecurity Planet
AI Exploits, Cloud Breaches, and Identity Gaps Define This Week’s Cybersecurity Landscape
News | Mar 6, 2026

This week’s cybersecurity briefing highlighted a surge of AI‑driven exploits, including the unpatched MS‑Agent flaw in ModelScope and a patched prompt‑injection bug in Perplexity’s Comet browser. Critical infrastructure suffered high‑impact vulnerabilities such as Juniper PTX routers allowing unauthenticated root takeover...

By eSecurity Planet
Alabama Sextortion Case Involved Hundreds of Victims
News | Mar 3, 2026

A 22‑year‑old Alabama man, Jamarcus Mosley, pleaded guilty to federal charges for hijacking the Snapchat and Instagram accounts of hundreds of young women between 2022 and 2025. He used impersonation to obtain recovery codes, seized control of accounts, and extorted...

By eSecurity Planet
$5M Microsoft Activation Key Fraud Ends in Prison Term
News | Mar 3, 2026

A Florida court sentenced Heidi Richards, operator of Trinity Software Distribution, to 22 months in federal prison and a $50,000 fine for a multi‑year scheme that trafficked Microsoft Certificate of Authenticity (COA) labels. The operation wired over $5.1 million to a Texas...

By eSecurity Planet
Identity Security Blind Spots Fuel Modern Attacks
News | Mar 3, 2026

Permiso’s 2026 State of Identity Security report reveals that organizations are vastly overconfident about identity controls as identity becomes the dominant attack vector in cloud environments. The study finds that 92% of firms run AI agents that create identities without...

By eSecurity Planet
BYOVD Turns Trusted Drivers Against Windows Security
News | Mar 2, 2026

Threat actors are increasingly exploiting the Bring Your Own Vulnerable Driver (BYOVD) technique, loading digitally signed but flawed Windows drivers to obtain Ring 0 kernel privileges. By leveraging legitimate drivers extracted from vendor installers, attackers can bypass endpoint detection and response...

By eSecurity Planet
FreeBSD Jail Escape Flaw Breaks Filesystem Isolation
News | Feb 27, 2026

A critical vulnerability identified as CVE-2025-15576 compromises FreeBSD 13.5 and 14.3 by allowing a jailed process to escape its chroot through a nullfs‑shared directory and Unix domain socket. The flaw bypasses kernel‑enforced filesystem boundaries, granting full host‑filesystem access to an...

By eSecurity Planet
ServiceNow AI Platform Vulnerability Enables Unauthenticated RCE
News | Feb 26, 2026

ServiceNow disclosed and patched a critical vulnerability, CVE-2026-0542, in its AI Platform that could allow unauthenticated remote code execution. The flaw bypasses the ServiceNow Sandbox, affecting web interfaces, API endpoints, and automation modules, and carries a CVSS rating of 9.8....

By eSecurity Planet
ShinyHunters Claims Wynn Resorts Data Theft
News | Feb 25, 2026

Wynn Resorts disclosed that an unauthorized party accessed employee data after the casino‑hospitality firm appeared on ShinyHunters' extortion leak site. The group claims to have stolen more than 800,000 records, including Social Security numbers, from Wynn's Oracle PeopleSoft HR platform....

By eSecurity Planet
Google Patches Three High-Severity Chrome Flaws
News | Feb 24, 2026

Google released a Chrome security update that fixes three high‑severity vulnerabilities (CVE‑2026‑3061, CVE‑2026‑3062, CVE‑2026‑3063). Two of the flaws involve out‑of‑bounds memory reads, while the third adds out‑of‑bounds writes in the WebGPU shader compiler. The bugs affect Chrome’s media stack, the...

By eSecurity Planet
Ransomware, Zero-Days, and Data Breaches Shape This Week’s Cybersecurity Landscape
News | Feb 23, 2026

This week’s cybersecurity briefing spotlights a Dell RecoverPoint zero‑day that’s actively delivering web shells in VMware environments, alongside critical Ivanti EPMM remote‑code‑execution flaws and an Apache NiFi RBAC bypass. Over 40% of OpenClaw AI skills were found vulnerable, highlighting supply‑chain...

By eSecurity Planet
Apache Tomcat Vulnerability Circumvents Access Rules
News | Feb 20, 2026

Apache Tomcat’s CVE‑2026‑24733 vulnerability allows attackers to bypass security constraints that permit HEAD but deny GET requests by sending a malformed HEAD request using the obsolete HTTP/0.9 protocol. The flaw stems from Tomcat’s legacy handling of HTTP/0.9, which does not...

By eSecurity Planet
Better-Auth Flaw Allows Unauthenticated API Key Creation
News | Feb 19, 2026

A critical flaw (CVE‑2025‑61928) in the better‑auth npm library’s API‑key plugin lets unauthenticated actors mint privileged API keys for arbitrary users. The vulnerability stems from improper authorization checks in the createApiKey and updateApiKey handlers, which accept a userId without a...

By eSecurity Planet
OpenClaw Flaw Enables AI Log Poisoning Risk
News | Feb 17, 2026

A log‑poisoning flaw was discovered in OpenClaw’s gateway server, affecting versions up to 2026.2.12. The vulnerability arises from unsanitized WebSocket headers—such as Origin and User‑Agent—being written directly to structured logs when a handshake is aborted. An unauthenticated attacker could inject...

By eSecurity Planet
CVE-2026-25903 Impacts Apache NiFi Users
News | Feb 17, 2026

A new vulnerability, CVE‑2026‑25903, affects Apache NiFi versions 1.1.0 through 2.7.2 and was patched in 2.8.0. The flaw allows users with limited privileges to modify the configuration of already‑deployed restricted components, bypassing the platform’s authorization checks. While it does not...

By eSecurity Planet
BeyondTrust RCE Exploited for Domain Control
News | Feb 16, 2026

Attackers are actively exploiting CVE‑2026‑1731, an unauthenticated OS command injection flaw in self‑hosted BeyondTrust Remote Support and Privileged Remote Access appliances. The vulnerability enables remote code execution, allowing threat actors to run commands as SYSTEM, install the SimpleHelp RMM tool,...

By eSecurity Planet
1,800+ Windows Servers Hit by BADIIS SEO Malware
News | Feb 13, 2026

Elastic researchers uncovered a large‑scale SEO poisoning campaign that has compromised more than 1,800 Windows servers running Microsoft IIS. The BADIIS malware installs as a native IIS module, intercepting crawler traffic and injecting malicious backlinks to promote illicit gambling and...

By eSecurity Planet
Apple Patches Actively Exploited Zero-Day Flaw
News | Feb 12, 2026

Apple has issued patches for CVE-2026-20700, a zero‑day vulnerability in the dyld dynamic linker affecting iOS, iPadOS, macOS, tvOS, watchOS and visionOS. The flaw enables arbitrary code execution with memory‑write capability and was actively exploited in highly sophisticated, targeted attacks,...

By eSecurity Planet
Viral AI Caricatures Highlight Shadow AI Dangers
News | Feb 12, 2026

A viral Instagram and LinkedIn trend sees millions prompting ChatGPT to generate caricatures that describe their jobs, then posting the images publicly. The practice unintentionally reveals how employees use large language models (LLMs) at work and what data they may...

By eSecurity Planet
CVE-2026-25646: Legacy Libpng Flaw Poses RCE Risk
News | Feb 11, 2026

CVE‑2026‑25646 reveals a heap‑buffer overflow in libpng’s png_set_quantize function, a flaw that has existed for nearly three decades across all historic releases. The bug triggers when a PNG image contains a palette chunk without a histogram and requests color quantization,...

By eSecurity Planet
CVE-2026-21514: Actively Exploited Word Flaw Evades OLE Security
News | Feb 11, 2026

Microsoft disclosed CVE‑2026‑21514, an actively exploited vulnerability in Word that bypasses Object Linking and Embedding (OLE) security controls. The flaw lets specially crafted documents execute code without triggering Protected View or enable‑content prompts, requiring only a user to open the...

By eSecurity Planet
FortiOS Authentication Bypass Exposes VPN and SSO Deployments
News | Feb 10, 2026

Fortinet disclosed CVE‑2026‑22153, an authentication‑bypass flaw in FortiOS versions 7.6.0 through 7.6.4. The bug lets unauthenticated attackers skip LDAP checks for Agentless VPN or FSSO policies when the directory permits anonymous binds, potentially granting access to internal networks via SSL‑VPN....

By eSecurity Planet
OpenClaw Adds VirusTotal Scanning to AI Agent Marketplace
News | Feb 9, 2026

OpenClaw has integrated VirusTotal scanning into its ClawHub marketplace to curb malicious AI skills. The workflow hashes each skill, checks VirusTotal signatures, and submits unknown bundles to Code Insight for deeper analysis, flagging or blocking threats. This move follows security...

By eSecurity Planet
TeamPCP and the Rise of Cloud-Native Cybercrime
News | Feb 6, 2026

Flare researchers have uncovered a threat group called TeamPCP that targets cloud‑native environments by abusing exposed Docker, Kubernetes and other orchestration interfaces. First seen in late 2025, the campaign leverages AI‑driven automation and known flaws such as CVE‑2025‑29927 and React2Shell...

By eSecurity Planet
Ingress-Nginx Vulnerability Enables Code Execution in Kubernetes
News | Feb 4, 2026

A critical vulnerability (CVE‑2026‑24512) in ingress‑nginx allows authenticated attackers to inject arbitrary Nginx directives via the rules.http.paths.path field, leading to code execution and secret disclosure in Kubernetes clusters. The flaw affects all ingress‑nginx releases before v1.13.7 and v1.14.3. Exploitation requires...

By eSecurity Planet
Chrome Vulnerabilities Allow Code Execution and Browser Crashes
News | Feb 4, 2026

Google released a Chrome update that patches two high‑severity vulnerabilities, CVE‑2026‑1862 and CVE‑2026‑1861, affecting the V8 engine and libvpx video decoder. The V8 type‑confusion flaw can enable arbitrary code execution, while the libvpx heap overflow may cause crashes or be...

By eSecurity Planet
Iconics SCADA Vulnerability Can Render Systems Unbootable
News | Feb 2, 2026

A newly disclosed flaw (CVE‑2025‑0921) in Iconics Suite’s Pager Agent lets a non‑admin attacker manipulate file‑system permissions to overwrite critical Windows driver files. By redirecting log output via symbolic links, the exploit can corrupt the cng.sys driver, causing the system...

By eSecurity Planet
Chrome Ad Blocker Caught Hijacking Amazon Affiliate Links
News | Feb 2, 2026

A Chrome extension called Amazon Ads Blocker, marketed as an ad‑hider, was found to silently replace creator affiliate tags on Amazon product links with its own identifier (10xprofit‑20). Socket researchers discovered the extension injects the tag on page load and...

By eSecurity Planet
Nvidia GPU Driver Flaws Enable Privilege Escalation Across Platforms
News | Jan 30, 2026

Nvidia has released a security update addressing four high‑severity GPU driver vulnerabilities that affect Windows, Linux, virtual GPU, and cloud‑gaming platforms. The flaws—CVE‑2025‑33217 through CVE‑2025‑33220—are use‑after‑free and integer‑overflow bugs with a CVSS rating of 7.8, enabling arbitrary code execution and...

By eSecurity Planet
Fortinet Confirms CVE-2026-24858 SSO Flaw Under Active Attack
News | Jan 28, 2026

Fortinet has confirmed that the FortiCloud Single Sign‑On (SSO) authentication bypass vulnerability (CVE‑2026‑24858) is being actively exploited in the wild. The flaw, rated 9.4 on the CVSS scale, affects FortiOS, FortiManager, FortiAnalyzer and FortiProxy, allowing attackers with a valid FortiCloud...

By eSecurity Planet
CVE-2025-56005: Python PLY Flaw Enables Remote Code Execution
News | Jan 28, 2026

A critical vulnerability (CVE‑2025‑56005) has been disclosed in the Python PLY library version 3.11, allowing attackers to execute arbitrary code by loading a crafted pickle file via the undocumented *picklefile* parameter. The flaw triggers during parser initialization, meaning code runs before...

By eSecurity Planet
Living Off the Web: How Fake Captcha Turned Trust Into a Malware Delivery Channel
News | Jan 27, 2026

Researchers at Censys have uncovered a growing ecosystem that weaponizes fake CAPTCHA pages to deliver malware. While the pages visually resemble legitimate verification challenges, they conceal more than 30 distinct payload types, including clipboard‑driven scripts, MSI installers, and server‑controlled, fileless...

By eSecurity Planet
GNU InetUtils Telnetd Flaw Lets Attackers Log In as Root
News | Jan 21, 2026

A critical vulnerability has been discovered in GNU InetUtils telnetd versions 1.9.3 through 2.7 that allows remote attackers to obtain root privileges without a password. The flaw stems from an unsanitized USER environment variable that can inject the "-f root"...

By eSecurity Planet
Oracle WebLogic Proxy Bug Enables Unauthenticated Remote Compromise
News | Jan 21, 2026

Oracle has disclosed CVE‑2026‑21962, a critical flaw in its Fusion Middleware WebLogic proxy plug‑ins that permits unauthenticated attackers to compromise Oracle HTTP Server over HTTP. The vulnerability affects Oracle HTTP Server versions 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0, as well as the...

By eSecurity Planet
Azure DNS Behavior Can Turn Private Endpoints Into DoS Risks
News | Jan 21, 2026

Microsoft Azure’s Private Endpoint design has a DNS flaw that can turn secure Private Link connections into denial‑of‑service conditions. When a Private DNS zone is linked across multiple virtual networks, Azure prefers that zone for name resolution; if the target...

By eSecurity Planet
Windows Admin Center Azure SSO Flaw Risks Tenant-Wide Compromise
News | Jan 16, 2026

A critical Windows Admin Center Azure SSO vulnerability (CVE‑2026‑20965) enables an attacker with local administrator rights on a single Azure VM or Arc‑connected system to forge a WAC.CheckAccess token and a PoP token, impersonating privileged users across the entire tenant. The...

By eSecurity Planet
FortiOS Vulnerability Allows Remote Code Execution Without Login
News | Jan 13, 2026

Fortinet disclosed a heap‑based buffer overflow in the cw_acd daemon of FortiOS and FortiSwitchManager that allows unauthenticated remote code execution. The flaw can be triggered via crafted network requests, especially on exposed fabric interfaces, and affects versions from 6.4.17 up...

By eSecurity Planet
Why the Start of the Year Is Prime Time for Insider Risk
News | Jan 12, 2026

At the start of each year, security teams face heightened insider risk due to workforce transitions such as departures, role changes, and reorganizations. These shifts often create blind spots in identity and access management, leaving dormant or over‑privileged accounts vulnerable...

By eSecurity Planet
Why DNS Resiliency Is Critical as Outages Surge
News | Jan 12, 2026

Service outages are rising, costing Global 2000 firms an estimated $400 billion annually, with DNS failures often at the core of prolonged downtime. The article argues that many organizations lack a true "Plan B" for DNS, relying on slow provider switches that...

By eSecurity Planet
AI Deployments Targeted in 91,000+ Attack Sessions
News | Jan 9, 2026

Researchers observed more than 91,000 attack sessions targeting AI infrastructure over a four‑month window, highlighting a shift from experimental probing to systematic exploitation. The first campaign leveraged server‑side request forgery against Ollama and Twilio webhooks, using a uniform JA4H TLS...

By eSecurity Planet