
6694 matches found

EUVD
added 2026/04/08 6:17 p.m. | 1 view

EUVD-2026-20564

Zammad is a web-based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data typically high-privilege...

8.7 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits: 0 | References: 1
CVE
added 2026/04/08 6:17 p.m. | 5 views

CVE-2026-34724

Zammad (web-based helpdesk) contains a server-side template injection vulnerability leading to remote code execution via the AI Agent, present before version 7.0.1. The impact is restricted to environments where an attacker can influence type_enrichment_data (typically high-privilege administrati...

8.7 CVSS | 5.9 AI score | 0.00065 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
The Hacker News
added 2026/04/08 11:30 a.m. | 4 views

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity: Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...

6 AI score
Exploits: 0
EUVD
added 2026/04/08 9:31 a.m. | 1 view

EUVD-2026-20398

Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Workflow Automation: from n/a through <= 1.4.2...

5.9 AI score | 0.0004 EPSS
Exploits: 0 | References: 2
Akamai Blog
added 2026/04/08 9:00 a.m. | 3 views

Protecting Publishing: The Real Cost of AI Bots

...

5.9 AI score
Exploits: 0
Vulnrichment
added 2026/04/08 8:30 a.m. | 0 views

CVE-2026-39699 WordPress AI Workflow Automation plugin <= 1.4.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Workflow Automation: from n/a through <= 1.4.2...

5.3 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/08 8:30 a.m. | 1 view

CVE-2026-39699

Missing Authorization vulnerability in massiveshift AI Workflow Automation ai-workflow-automation-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AI Workflow Automation: from n/a through <= 1.4.2...

5.9 AI score | 0.0004 EPSS
Exploits: 0 | References: 2
CVE
added 2026/04/08 8:30 a.m. | 5 views

CVE-2026-39506

The CVE-2026-39506 entry covers a Missing Authorization (Broken Access Control) vulnerability in the WordPress plugin WordPress AI Engine (Pro) / ai-engine-pro. Affected versions are prior to 3.4.2. The root cause is incorrectly configured access control security levels, enabling unauthorized acc...

4.3 CVSS | 5.9 AI score | 0.00032 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/04/08 12:00 a.m. | 3 views

Zammad Security Vulnerability

Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 contained security vulnerabilities. These vulnerabilities stemmed from failed authorization at REST endpoints, which could allow unauthorized data to appear in AI notifications...

5.3 CVSS | 5.8 AI score | 0.00034 EPSS
Exploits: 0 | References: 1
Packet Storm News
added 2026/04/08 12:00 a.m. | 0 views

SentinelSphere: Integrating AI-Powered Real-Time Threat Detection with Cybersecurity Awareness Training

The field of cybersecurity is confronted with two interrelated challenges: a worldwide deficit of qualified practitioners and ongoing human-factor weaknesses that account for the bulk of security incidents. To tackle these issues, we present SentinelSphere, a platform driven by artificial...

5.9 AI score
Exploits: 0
Wired Threat Level
added 2026/04/07 6:49 p.m. | 5 views

Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything

The AI lab's Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They'll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities...

5.9 AI score
Exploits: 0
Schneier on Security
added 2026/04/07 5:07 p.m. | 5 views

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: "instant software." Taken to an extreme, it might become easier for a user to have an AI write an application on demand--a spreadsheet, for...

5.9 AI score
Exploits: 0
Krebs on Security
added 2026/04/07 5:02 p.m. | 8 views

Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens...

5.9 AI score
Exploits: 0
GithubExploit
added 2026/04/07 3:08 p.m. | 79 views

dst-engine

DST: Deterministic Security Testing. Static analysis that does...

6.1 AI score
Exploits: 0
Qualys Blog
added 2026/04/07 3:00 p.m. | 5 views

Signals from the Cloud Security Forecast 2026: Cloud Risk Is Scaling through Design, Not Disruption

Key Takeaways: Identity and permissions now determine what is reachable, making them the primary drivers of cloud risk. Runtime exposure, not individual findings, determines how low-risk issues combine into real impact. SaaS and OAuth integrations extend the control plane and amplify blast radius...

6 AI score
Exploits: 0
Microsoft Secure
added 2026/04/07 2:00 p.m. | 3 views

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

In this article: 1. DNS hijacking attack chain: From compromised devices to AiTM and other follow-on activity; 2. Mitigation and protection guidance; 3. Microsoft Defender detection and hunting guidance. Executive summary: Forest Blizzard, a threat actor linked to the Russian military, has been...

5.8 AI score
Exploits: 0
RedHat Linux
added 2026/04/07 8:44 a.m. | 13 views

Important: Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)

Red Hat AI Inference Server Model Optimization Tools 3.2.2 CUDA is now available. Red Hat® AI Inference Server Model Optimization Tools...

8.7 CVSS | 7.1 AI score | 0.00859 EPSS
Exploits: 3 | References: 8
Packet Storm News
added 2026/04/07 12:00 a.m. | 2 views

LanG -- a Governance-Aware Agentic AI Platform for Unified Security Operations

Modern Security Operations Centers struggle with alert fatigue, fragmented tooling, and limited cross-source event correlation. Challenges that current Security Information Event Management and Extended Detection and Response systems only partially address through fragmented tools. This paper...

5.9 AI score
Exploits: 0
Packet Storm News
added 2026/04/07 12:00 a.m. | 1 view

Foundations for Agentic AI Investigations from the Forensic Analysis of OpenClaw

Agentic AI systems are increasingly deployed as personal assistants and are likely to become a common object of digital investigations. However, little is known about how their internal state and actions can be reconstructed during forensic analysis. Despite growing popularity, systematic forensi...

6.1 AI score
Exploits: 0
MSRC
added 2026/04/07 12:00 a.m. | 5 views

Strengthening secure software at global scale: How MSRC is evolving with AI

Cybersecurity has always been a race between defenders and attackers, constrained by human time, attention, and scale. What is changing now is the level of capability available to apply security fundamentals with far greater reach and speed...

5.8 AI score
Exploits: 0