News
Argo CD flaw shows why Git Ops infrastructure should be treated as tier zero
12+ hour, 24+ min ago (516+ words) A newly disclosed vulnerability in Argo CD is drawing attention to the security risks of Git Ops platforms, with researchers warning that the flaw could allow attackers who gain a foothold inside a Kubernetes cluster to execute code and manipulate…...
Sandbox bypass flaws in Cursor IDE highlight prompt injection as an RCE vector
5+ day, 14+ hour ago (525+ words) Researchers have discovered two vulnerabilities in the widely used Cursor AI-enabled integrated development environment (IDE) that can be exploited through prompt injection to achieve remote code execution (RCE). The two flaws, tracked as CVE-2026-50548 and CVE-2026-50549, allow attackers to break…...
Malicious Chromium extension spoofs Perplexity AI to hijack browser searches
5+ day, 14+ hour ago (560+ words) Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users" search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines. Microsoft Threat Intelligence said the extension…...
Hackers exploit critical PTC Windchill PLM software flaw
5+ day, 21+ hour ago (319+ words) Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and Flex PLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods. The vulnerability,…...
Malware authors subvert AI detection systems
5+ day, 22+ hour ago (193+ words) Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach. Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to…...
It's not just the spiders: Cyberattacks pose a "threat to life' in Australia
6+ day, 4+ hour ago (213+ words) Australia's Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator's network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess. It's impossible to exaggerate the danger…...
What CISOs need to tell the board about zero trust in OT: A 90-day communication and action plan
1+ week, 1+ day ago (470+ words) I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those…...
Proposed US law would make AI risk reporting a legal obligation
6+ day, 6+ hour ago (699+ words) US lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems. The bill directs the Secretary…...
Mythos is a signal, not a siren: What frontier AI should change for CISOs
1+ week, 3+ hour ago (610+ words) When a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security…...
GDPR at 10: Landmark data protections, increasing business burden
1+ week, 4+ hour ago (606+ words) Ten years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies " and beyond " than ever before, the business world remains critical…...