Attackers and defenders are now playing with the same toys: powerful AI models that can find and exploit zero-day vulnerabilities in hours. At Google Cloud Next ’26, Google and Wiz unveiled a set of AI-driven defenses designed to shrink the time between discovery and remediation — and to automate much of the manual work that has left security teams lagging
Latest Articles

CISA Flags Actively Exploited Adobe ColdFusion Path Traversal (CVE-2026-48282)
Adobe ColdFusion administrators woke up to an urgent warning this week: a critical path traversal vulnerability (CVE-2026-48282) is being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on July 7, 2026, and issued a binding remediation timeline for federal agencies under BOD 26-04 that requires action by July 10, 2026. Because ColdFusion is frequently internet-facing in many enterprises, the window for attackers to weaponize this…
Continue readingMustang Panda Turns Its Gaze on Indian Banks: Espionage Dressed as Help Desk Support
China’s Mustang Panda APT — also tracked as TA416, Bronze President, or Stately Taurus — is best known for adaptable tradecraft and a steady focus on geopolitical intelligence collection. In its most recent campaign, researchers tied to Acronis observed the group shifting some of that attention toward India’s financial sector. The attacks are notable less for technical sophistication than for
Comment and Control: How GitHub Comments Became a New Prompt-Injection Threat
A new class of prompt-injection attacks—dubbed “Comment and Control”—turns GitHub pull requests, issues, and comments into attack surfaces that can hijack AI coding agents and siphon secrets directly from CI/CD environments. Unlike classic prompt injection that waits for a user to feed a document to an agent, this pattern is proactive: opening a PR or posting an issue can automatically
Anthropic’s MCP Design Flaw: How a Protocol-Level Vulnerability Enables Remote Code Execution at Scale
A critical architectural flaw in Anthropic’s Model Context Protocol (MCP) ecosystem has exposed a vast number of downstream systems to remote code execution (RCE) risks. Researchers at OX Security found the issue embedded across official MCP SDKs for Python, TypeScript, Java, and Rust — meaning developers building on MCP inherit the vulnerability by design rather than through a simple coding
Apple’s Leadership Shift: Tim Cook to Executive Chairman, John Ternus Named CEO
Apple has announced a major leadership transition: Tim Cook will become executive chairman of Apple’s board of directors, and John Ternus, currently senior vice president of Hardware Engineering, will step into the role of CEO on September 1, 2026. The board approved the change unanimously after a long-term succession planning process. Cook will remain CEO through the summer to work
Anthropic and Amazon Expand Partnership, Securing Up to 5GW of Compute for Claude
Anthropic announced on April 20, 2026, a major expansion of its collaboration with Amazon that will secure up to 5 gigawatts (GW) of new compute capacity to train and deploy Claude. The agreement accelerates capacity coming online this year and ties together deeper infrastructure, platform integration, and additional capital investment — steps Anthropic says are needed to meet surging customer





