Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

FalconID is now generally available, bringing phishing-resistant MFA to the CrowdStrike Falcon platform and advancing CrowdStrike’s leadership in identity security. Adversaries continue to use legitimate identities to infiltrate and navigate organizations while evading defenses. As they adopt AI, the scale and impact of social engineering and credential abuse are growing. AI-enhanced phishing, MFA fatigue, and session hijacking enable threat actors to bypass MFA.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Any plans for the weekend? Might want to do these first though.

CVE-2026-20127 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller (vSmart) and Cisco Catalyst SD-WAN Manager (vManage). The flaw stems from improper validation within the control plane and management plane authentication mechanisms, allowing a remote, unauthenticated attacker to submit crafted requests that bypass standard authentication controls. Successful exploitation results in access to the system as a high-privileged internal user account.

The Asia-Pacific region is home to the highest concentration of manufacturing sites on the planet, so it comes as no surprise that manufacturers here absorb more attacks than the rest of the world combined. LevelBlue SpiderLabs compiled the Manufacturing Threat Landscape 2025 report, which noted that 56% of all attacks targeting the manufacturing sector occurred in the APAC region. This is compared to 22% in North America, Europe (16%), and Africa (2%).

In my previous piece, "The Agentic AI Governance Blind Spot," I laid out what I believe is one of the most critical gaps in the AI governance landscape today: the three most cited frameworks in AI governance, NIST AI RMF, ISO 42001, and the EU AI Act, don’t contain a single mention of agentic AI. Not one reference to autonomous agents, multi-agent systems, or AI that takes actions with real-world consequences. The response to that piece confirmed what I suspected.

In this second installment of a series on the transformation of SafeBreach’s development organization, VP of Development Yossi Attas details a structured operational workflow that integrates Jira, BitBucket, and Claude Code to turn AI usage from ad-hoc prompting into a rigorous engineering methodology.

Cyber threat intelligence is often presented as a catalog of named threat actors, past incidents, and attribution labels that promise clarity. For defenders trying to understand risk, this structure feels reassuring. It suggests that threats can be identified, tracked, and anticipated based on observed behaviors. In practice, that confidence is often overstated.

Proprietary data is the definitive differentiator in the age of AI. Models can be replicated, infrastructure can be rented, and tools can be replaced. What cannot be easily reproduced is institutional knowledge, customer insight, and strategic intent found in enterprise data. This data must be continuously identified, deeply understood, and actively protected as it changes state, location, and context.

Governments and regulated enterprises are pulling their most sensitive workloads out of infrastructure they can’t fully control. That’s the core driver behind sovereign cloud: cloud infrastructure where data residency, jurisdictional control, and supply-chain transparency are architectural requirements, not optional features. With GAIA-X moving into implementation and vendors like Red Hat launching sovereign support models for EU member states, adoption is accelerating fast.

In this article, we will explore the hot topic of securing AI-generated code and demonstrate a technical approach to shifting security left for cloud AI agents by using Model Context Protocol (MCP) tools.