9 out of 10 people can no longer distinguish real from AI-generated content
Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine …
Threat actors are recruiting the people who hold cloud logins
Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into …
Making the cloud prove it followed your privacy wishes
Companies that store personal data in cloud key-value databases should handle deletion requests by running the operation and confirming the job is complete. The people making …
Prompt injection still drives most agentic AI security failures in production
A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model …
X Square Robot open sources its robot-free data collection framework
Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot …
Organizations can’t see much of their mobile AI activity
Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s …
Identity theft is turning into a chain reaction for victims
For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft …
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)
Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the …
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials
A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication …
Building reusable workflows with custom agents in Copilot CLI
Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to …
Record Microsoft Patch Tuesday, fresh zero-day
Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher …
Apple extends Private Cloud Compute to third-party data centers
Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in …
Featured news
Resources
Don't miss
- SingGuard-NSFA: Open-source guardrails for agentic AI
- The MDR renewal question: What changes when AI can handle the alerts
- SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
- “Context bombs” can frustrate AI-driven attacks, researchers found
- No one knows how many old shims can still bypass UEFI Secure Boot