For years, the internet’s move to post‑quantum cryptography focused first on TLS, but site‑to‑site networking has lagged behind. Today Cloudflare is announcing general availability of post‑quantum encryption for Cloudflare IPsec, bringing hybrid ML‑KEM protection to WAN tunnels so organizations can defend against “harvest‑now, decrypt‑later” attacks without buying specialized hardware. This update moves another critical piece of enterprise networking closer to
Month: April 2026
How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk
A critical remote code execution (RCE) vulnerability in the Google Gemini CLI and its associated GitHub Action exposed a startling weakness in how AI tooling can interact with developer infrastructure. Rated with the maximum CVSS score of 10.0, the bug allowed unprivileged external actors to execute commands on the machines running CI/CD workflows. This wasn’t a prompt-injection trick against a
Email threat landscape: Q1 2026 trends and insights
During the first quarter of 2026, email-based threats remained pervasive and dynamic. Microsoft Threat Intelligence recorded roughly 8.3 billion phishing messages across January–March, with monthly volumes edging down from about 2.9 billion in January to 2.6 billion in March. While total volume showed only slight decline, the quarter revealed important shifts in delivery mechanisms and attacker behavior: link-based attacks dominated,
CISA orders federal agencies to patch CVE-2026-32202 after zero-click NTLM hash leak is reported
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure Windows systems against a vulnerability tracked as CVE-2026-32202 after cybersecurity firm Akamai reported it as a zero-click NTLM hash leak left behind when Microsoft incompletely patched a February remote code execution flaw (CVE-2026-21510). CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) Catalog and mandated that
Agents, Stripe Projects, and zero-friction Cloudflare provisioning
Agents can now take a project from idea to live production on Cloudflare without a human manually opening a dashboard, entering card details, or copying API keys. In partnership with Stripe’s new Projects flow, Cloudflare built a protocol that lets an orchestrator platform (like Stripe Projects) attest to a signed‑in user’s identity, provide a payment token, and expose a catalog
Accenture’s Big Bet: Rolling Copilot Out to 743,000 Employees and What It Means for Enterprise AI
Accenture is expanding its use of Microsoft’s Copilot 365 AI assistant across its entire global workforce—about 743,000 people—a move that marks one of the largest enterprise deployments of the tool to date. The companies did not disclose financial terms, but the scale of the rollout sends a clear signal: major consultancies are moving from pilot projects to firmwide adoption, betting