Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
AIThe Top 10 Attack Surface Exposures in 2026
Security breaches increasingly stem from exposed attack surfaces rather than zero-day exploits, with vulnerabilities like MongoBleed demonstrating how internet-facing assets can be compromised within hours. Organizations face growing risk from exposed admin panels, credential reuse, and rapidly exploited vulnerabilities as time-to-exploit windows continue to shrink. Proactive attack surface manage
AICISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
CISA has added a critical security vulnerability (CVE-2026-48907) in the Joomla Content Editor (JCE) plugin to its Known Exploited Vulnerabilities catalog due to active exploitation in the wild. The flaw, which has a maximum CVSS severity score of 10.0, involves improper access control that enables attackers to execute arbitrary PHP code. Organizations using Joomla with the JCE plugin should prior
AIGoogle Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting
A vulnerability in Google Cloud Vertex AI SDK for Python enabled attackers to hijack machine learning model uploads and execute code within Google's infrastructure without requiring access to the victim's project. Palo Alto Networks Unit 42 discovered the flaw, dubbed 'Pickle in the Middle,' and reported it through Google's bug bounty program with no evidence of active exploitation.
AICISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation
CISA has added CVE-2026-54420, a high-severity privilege escalation vulnerability in the LiteSpeed cPanel Plugin, to its Known Exploited Vulnerabilities catalog. The flaw, with a CVSS score of 8.5, is being actively exploited to gain root-level access, prompting CISA to mandate Federal Civilian Executive Branch agencies remediate by June 18, 2026.
AICisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Cisco has issued security patches for CVE-2026-20262, a medium-severity vulnerability in Catalyst SD-WAN Manager (formerly SD-WAN vManage) that is being actively exploited. The flaw, with a CVSS score of 6.5, affects the web UI and allows authenticated remote attackers to create files on the system. Organizations using Cisco SD-WAN solutions should prioritize applying these updates immediately giv
AILiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
Obsidian Security researchers discovered a critical vulnerability chain in LiteLLM, a widely-used open-source AI gateway, that allows low-privilege accounts to escalate to full admin access and execute arbitrary code on servers. The exploit chains three separate vulnerabilities and could expose all provider API keys and secrets stored on compromised LiteLLM proxy servers, which broker calls to ove
AI⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
This week's cybersecurity recap highlights recurring enterprise vulnerabilities stemming from legacy systems and operational oversights. Key incidents include a Chrome zero-day exploit, UniFi network device vulnerabilities, macOS credential stealers, and VPN security flaws. The common thread remains inadequate security hygiene around deprecated features, abandoned packages, and exposed legacy tool
AIPalo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability in PAN-OS GlobalProtect VPN components. The flaw, with a CVSS score of 7.8, affects both portal and gateway components and allows threat actors to gain unauthorized access to GlobalProtect portals without proper authentication.
AICritical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has issued critical security patches for Splunk Enterprise to address CVE-2026-20253, a vulnerability with a CVSS score of 9.8 that allows unauthenticated attackers to perform arbitrary file operations and potentially execute remote code. The flaw affects Splunk Enterprise versions below 10.2.4 and 10.0.7, enabling unauthorized users to create or truncate files without authentication.
AICISA Instructs Federal Agencies to Adopt Risk-Based Approach for Vulnerability Remediation
CISA has issued Binding Operational Directive (BOD 26-04) requiring federal civilian agencies to adopt a risk-based vulnerability remediation framework with tiered patching deadlines. The directive addresses the growing challenge of vulnerability management, as AI-accelerated vulnerability discovery has overwhelmed defenders, with remediation rates dropping from 38% in 2024 to 26% in 2025. The new
AILangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution
Three security vulnerabilities have been discovered and patched in LangGraph, an open-source framework for building multi-agent AI applications. The most critical flaw involves a vulnerability chain that could enable remote code execution, with an SQL injection identified as one of the attack vectors. Organizations using self-hosted LangGraph deployments for AI agent development should prioritize
AIMax-Severity Ivanti Flaw Exploited 24 Hours After Disclosure
A maximum-severity vulnerability in Ivanti systems was exploited within 24 hours of public disclosure, indicating threat actors had pre-positioned reconnaissance of Ivanti infrastructure. The rapid exploitation suggests attackers conducted advance mapping of target environments and were prepared to act immediately upon exploit availability.
AIAI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
Traditional vulnerability management relied on a time buffer between vulnerability discovery and exploitation, allowing teams to triage and patch systematically. AI has eliminated this buffer by accelerating threat actors' ability to weaponize vulnerabilities, rendering conventional approaches obsolete. This shift is driving CISOs to reallocate budgets toward Breach and Attack Simulation (BAS) sol
AIUnpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE
An unpatched high-severity vulnerability (CVE-2026-5027) in Langflow, an open-source low-code AI application development platform, is being actively exploited in the wild. The path traversal flaw, with a CVSS score of 8.8, enables unauthenticated attackers to achieve remote code execution by writing files to arbitrary locations on affected systems.
AIIvanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities
Fortinet, Ivanti, and SAP have issued security patches addressing multiple critical vulnerabilities that pose significant risks including arbitrary code execution and information disclosure. Fortinet's patch addresses a severe command injection vulnerability (CVE-2026-25089) with a CVSS score of 9.1 affecting FortiSandbox products' WEB UI. Enterprise organizations should prioritize immediate patch
AIMicrosoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft released patches for a record-breaking 206 security vulnerabilities in its software portfolio, including three publicly disclosed zero-day flaws. The update addresses 39 Critical and 167 Important severity vulnerabilities, spanning multiple attack vectors including remote code execution, privilege escalation, and information disclosure.
AIYour Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Automated penetration testing tools often create a false sense of security when reports show fewer findings over successive runs, leading organizations to mistake stability for actual security. A webinar by Picus Security addresses this critical gap, highlighting how automated pentests miss vulnerabilities that require expert analysis and context. The issue becomes particularly problematic when le
AISix Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Security researchers have discovered six vulnerabilities in protobuf.js, a widely-used JavaScript/TypeScript implementation of Protocol Buffers. These flaws could enable attackers to execute remote code execution (RCE) and denial-of-service (DoS) attacks against Node.js applications. A single malicious protobuf schema, descriptor, or payload could be sufficient to exploit these vulnerabilities in
AIA Record-Breaking Patch Tuesday for June 2026
Microsoft released a record-breaking 200 security patches in June 2026's Patch Tuesday, with nearly three dozen rated critical and at least three zero-days publicly exploitable. The unprecedented volume is attributed to increased AI-powered vulnerability discovery by both Microsoft engineers and security researchers, a trend expected to continue. The release was complicated by ongoing tensions wit