Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The defensive timeline in cybersecurity is changing faster than most organizations are prepared for. For years, defenders operated with an assumption that there would be some delay between vulnerability disclosure and exploitation. That delay created a window for patching, mitigation, and detection. It wasn’t perfect, but it gave security teams time to act. Frontier AI is removing that buffer and changing how organizations must consider cyber risk.

A CISO running AI agents on GKE has watched three Google product launches in eighteen months — Model Armor, expanded Security Command Center coverage for AI workloads, additions to Chronicle’s curated detection content — and is being asked whether the GCP-native stack is now sufficient. The vendor demos and the Google Cloud blog say yes. The 2 AM analyst experience says something different.

CVE-2026-29145 is an authentication bypass flaw in Apache Tomcat and Apache Tomcat Native affecting the CLIENT_CERT authentication path. When OCSP soft-fail is disabled, certain code paths fail to treat an OCSP check failure as a hard authentication failure, allowing a connecting client to reach protected resources without presenting a valid, revocation-checked certificate.

AI agents are increasingly used to refactor large codebases, but many teams lack a clear understanding of where they succeed and where they fail. At 1Password, we applied agentic tooling to a multi-million-line Go monolith, and in this blog we'll share what worked, what broke, and what it means for teams adopting AI in production systems.

And neither are attackers. Claude Mythos Preview has been public for less than two weeks. Vendor newsletters and LinkedIn feeds have covered it to exhaustion. Meanwhile, your Board has one question, in plain language, not acronyms: what does this mean for our company and are we prepared?

Today, Arctic Wolf is announcing Decipio, a new community‑shared cybersecurity tool designed to help defenders catch attackers while they’re trying to steal credentials inside a network. Credential theft is one of the most common ways cyber attacks begin and one of the hardest to detect early. In many cases, there’s no alert, no obvious warning, and no immediate sign that anything is wrong.

Vercel's Context.ai breach exposed environment variables that weren't marked sensitive. Learn how to pull and scan your secrets with GitGuardian.

88% of organizations now regularly use artificial intelligence (AI) in at least one business function. While adoption of AI technologies has accelerated rapidly, security measures often lag. The rush to roll out AI has, in many cases, overshadowed essential testing and safety protocols. This is particularly a worry when AI and Large Language Models (LLMs) become deeply embedded within organizational workflows and systems in a way that most software isn’t.

Sophos Firewall v22 MR1 is now available Check out the full release notes for more details and a list of fixes. Sophos Firewall v22 bolstered Secure by Design, taking it to a whole new level with major updates to the architecture and new features like the Health Check to help identify high-risk configurations.

A new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.