Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI-generated code is running wild inside the enterprise. Now what?

Restrict access to AI tools and you curb innovation. Open it up and security risks multiply. And then there's a third problem: approved tools behaving in unapproved ways. Security and IT leaders are navigating a new and fast-moving problem - employees using AI to build workflows, automations, and agents faster than anyone can track or govern. The question isn't whether it's happening. It's what to do about it.

Proof Over Prediction: What Happens When You Actually Watch Who's Attacking AI Infrastructure

Customer telemetry shows how AI agents behave in a limited set of production environments and what risks they carry. Vulnerability research surfaces how those environments can be attacked. Both sources are valuable, but neither shows actual attacker behavior or how quickly they operationalize a new vulnerability once it's public.

CVE-2026-48558: Critical Authentication Bypass Vulnerability in SimpleHelp RMM Exploited for Credential Theft and Malware Delivery

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software, caused by improper validation of OpenID Connect (OIDC) token signatures. When OIDC is configured with group-authenticated login settings, unauthenticated attackers can forge identity tokens to bypass multi-factor authentication and gain privileged technician-level access to vulnerable SimpleHelp servers — without valid credentials.

Critical Remote Code Execution Vulnerability in libssh2 Client Library Require Urgent Mitigation

A suite of severe vulnerabilities has been disclosed in libssh2 (an SSH client library widely embedded in software such as curl, Git GUI clients, PHP, backup tools, and many IoT/embedded devices). The most critical, CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2’s ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length.

Brace Yourself: Denial-of-Service in a Billion-Download Dependency

brace-expansion is a very popular npm package with over 38 billion all-time downloads (yeah, over 38,000,000,000) and used by tooling almost every JavaScript project relies on - eslint, glob, and npm itself. Despite being in the public eye for a while, we found a new Denial-of-Service vulnerability that could affect millions. This post walks through what the package does, existing issues that were fixed, and the new one we found - CVE-2026-13149.

Everything you need to know for a career in cybersecurity

So, you want to be a cybersecurity analyst. With the rise in high-profile data breaches, privacy concerns and rapid technological advancements, there’s a greater demand for cybersecurity analysts now. And the demand for cybersecurity analysts is only expected to grow. But before you get too far into pursuing this job, let’s look into the basics of this profession. Below, we answer the most frequently asked questions about becoming a cybersecurity analyst.