Observability for AI Systems: Strengthening visibility for proactive risk detection

Adoption of Generative AI GenAI and agentic AI has accelerated from experimentation into real enterprise deployments. What began with copilots and chat interfaces has quickly evolved into powerful business systems that autonomously interact with sensitive data, call external APIs, connect to...

The Attack Cycle is Accelerating: Announcing the Rapid7 2026 Global Threat Landscape Report

The predictive window has collapsed. In 2025, high-impact vulnerabilities weren’t quietly accumulating risk. They were operationalized, and often within days. Today, Rapid7 Labs released the 2026 Global Threat Landscape Report, an in-depth analysis of how attacker behavior is evolving across...

Meta’s AI Glasses and Privacy

Surprising no one, Meta's new AI glasses are a privacy disaster. I'm not sure what can be done here. This is a technology that will exist, whether we like it or not. Meanwhile, there is a new Android app that detects when there are smart glasses nearby...

ai.driftkit:driftkit-vector-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-vector-spring-ai-starter (>=0.6.0 <=0.8.7) +187 more potentially affected by CVE-2026-22729 via org.springframework.ai:spring-ai-vector-store (>=1.0.0-M7 <=1.0.3)

org.springframework.ai:spring-ai-vector-store MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =1.0.0.1, =1.0.0.1, =1.0.0.3, =1.0.0.3, =1.0.0.1, =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-nacos-mcp-client =1.0.0.1 and more Source cves: CVE-2026-227...

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

Blending Chat with Rich UIs with Spring AI and MCP Apps

The way humans typically interact with AI is via a chat-style interface such as ChatGPT or Claude Desktop. In fact, the ability to converse with an AI in natural language is perhaps one of the most amazing things about this technology. It lets humans talk to computers in human terms, rather than...

How to Prioritize Vulnerabilities Effectively: A Framework

Attackers don’t care about your massive backlog of "critical" vulnerabilities. They look for the path of least resistance—the one exploitable weakness that gives them a foothold into your network. If your vulnerability management program isn't thinking like an attacker, you're always one step...

What is CTEM? A Modern Approach to Cyber Risk

To effectively defend your organization, you need to think like an attacker. Attackers don’t care about a vulnerability’s CVSS score; they care about whether they can exploit it to reach a valuable target. Traditional security often misses this crucial context, leaving you to guess which of the...

Investing in the people shaping open source and securing the future together

Open source has always been about community. It's about maintainers who review pull requests late at night. Volunteers who respond to security reports from strangers. And communities that quietly power the world's software. The reality behind the commits is that maintainers get stretched thin. Th...

ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools

Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals...

90% of people don’t trust AI with their data

AI didn’t sneak into our lives. It burst through the door, took a seat at the table, and started finishing our sentences. Instead of a helpful list of links, Google now tries to answer your question. Microsoft’s Copilot drafts replies to your boss before you’ve had coffee. Your phone summarizes...

Sears Exposed AI Chatbot Phone Calls and Text Chats to Anyone on the Web

Customer conversations with chatbots can include contact information and personal details that make it easier for scammers to launch phishing attacks and commit fraud...

org.springframework.ai:spring-ai-starter-vector-store-mariadb (>=2.0.0-M1 <=2.0.0-M2) potentially affected by CVE-2026-22730 via org.springframework.ai:spring-ai-mariadb-store (>=2.0.0-M1 <=2.0.0-M2)

org.springframework.ai:spring-ai-mariadb-store MAVEN version =2.0.0-M1, =2.0.0-M1, =2.0.0-M2 Source cves: CVE-2026-22730 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15679672...

7 Best CTEM Tools to Reduce Your Attack Surface

To truly secure your organization, you have to start thinking like an attacker. An adversary doesn’t care about your endless spreadsheet of CVEs; they look for a single, exploitable path to their objective. So, how do you find that path before they do? You start by using threat intelligence to...

The 5 Stages of a CTEM Cybersecurity Program

To beat an attacker, you have to think like one. An adversary doesn't care about your compliance reports or internal severity ratings. They care about one thing: finding an exploitable path to your critical assets. So why are we still prioritizing based on theoretical scores? A modern security...

A Guide to Threat Exposure Management for Enterprises

For years, security has been an inside-out job. We scan our own systems, find our own flaws, and create our own to-do lists. But what if we flipped the script and looked at our organization from the outside-in? This is the core idea behind Threat Exposure Management. It’s a continuous process tha...

Top 5 Vulnerability Prioritization Tools for Enterprises

A high CVSS score doesn’t always equal high business risk. A critical vulnerability on a non-essential, isolated asset might be less of a priority than a medium-level one on your primary payment server. To truly manage risk, you have to connect technical data to business context. This means...

CVE-2026-26133

AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...

Secure the AI Factory: Data Center Security for Accelerated Intelligence

...

Models Are Applying to Be the Face of AI Scams

Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The mostly women who land these gigs are likely being used to dupe victims out of their money...