Dispatches. Practitioner-first cybersecurity coverage.
Independent reporting on AI security, SOC automation, identity, data and the adversarial edge. Every piece is rewritten in-house and credits every source — never a press-release copy.
Archive
Policy: CISA Drops Eight Live-Fire CVEs Into KEV With April–May Deadlines, Three of Them Cisco SD-WAN
Federal civilian agencies have less than two weeks to remediate eight newly weaponized CVEs added to CISA's Known Exploited Vulnerabilities catalog — three of them in Cisco Catalyst SD-WAN Manager, plus reactivated bugs in PaperCut, Zimbra, Quest KACE, JetBrains, and Kentico that are now tied to nation-state and ransomware operators.
-
AI Agents: Flowise's Third Live-Fire RCE: 12,000 AI-Agent Builders Exposed to a CVSS 10.0 Code-Injection Bug
A maximum-severity code-injection flaw in Flowise's CustomMCP node, CVE-2025-59528, is being exploited from a single Starlink IP across more than 12,000 internet-facing instances — the third in-the-wild Flowise vulnerability in seven months.
-
Identity: Stolen Session Cookies Now Outpace Stolen Passwords — and 31% of Them Walk Past MFA
Recorded Future's 2025 identity-threat data, surfaced this week by Dark Reading, indexed 276 million stolen credentials carrying active session cookies — about 31% of all malware-sourced creds, each one effectively pre-authenticated. Identity is the perimeter, and the multi-factor prompt is no longer the chokepoint defenders thought it was.
-
AI Security: An AI Inference Server Bug Was Weaponized in Twelve Hours — LMDeploy Joins the Fast-Burn AI-Infra List
Twelve hours and thirty-one minutes after public disclosure, attackers were already pivoting through CVE-2026-33626, a server-side request forgery flaw in LMDeploy's vision-language module — probing AWS metadata, Redis, and MySQL from a tool most ML teams run with little operational telemetry.
-
Threat Intel: A Crafted PDF Is Still Enough — Adobe Patches an Actively Exploited Acrobat Zero-Day
CVE-2026-34621 is a prototype-pollution flaw in Acrobat's JavaScript engine that turns a malicious PDF into arbitrary code execution. Researchers say exploitation began in December 2025 — four months before Adobe's emergency patch and the CISA KEV listing.
-
AI Security: An 'Expected' MCP Behavior Is Now an RCE Vector Across 7,000 AI Servers
OX Security disclosed a design-level flaw in Anthropic's Model Context Protocol that turns the STDIO transport's default configuration into remote code execution. Anthropic says the behavior is expected; the open-source agent ecosystem now has dozens of CVEs to triage.
-
Threat Intel: Germany Names the Architect Behind GandCrab and REvil's Double-Extortion Era
After years of operating behind the handle 'UNKN,' the alleged head of GandCrab and REvil now has a face. Germany's BKA named 31-year-old Daniil Maksimovich Shchukin, tying him to 130 attacks and €35 million in damage.
-
Supply Chain: Vercel's Context.ai Breach Pins the Real Cost of an 'Allow All' OAuth Click
A Vercel employee gave a small AI productivity tool full Google Workspace permissions. Months later, that tool was breached — and the attacker walked the OAuth scope straight into Vercel's environment.
-
Threat Intel: FortiClient EMS Falls to a Second Pre-Auth Bypass in Weeks — and Lands on the KEV in 24 Hours
CVE-2026-35616 lets unauthenticated attackers pivot through a Fortinet endpoint management console that thousands of enterprises use to push policy to laptops. Honeypot data shows exploitation began over a holiday weekend, and CISA gave federal agencies three days to patch.