Software Is Now Written at the Speed of Thought. Security Isn't.

Software Is Now Written at the Speed of Thought. Security Isn’t.

Every major evolution in software development has reduced the friction between an idea and a deployable solution. Waterfall optimized execution against a plan. Agile optimized adaptation to change. DevOps optimized continuous delivery. Today, generative artificial intelligence and Vibe Coding optimize creation for anyone, anywhere. But as software creation approaches the

Read More »
Max severity Adobe ColdFusion flaw now exploited in attacks

Max severity Adobe ColdFusion flaw now exploited in attacks

Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. ColdFusion is a commercial web app development platform designed to help build and deploy enterprise-grade websites. The CVE-2026-48282 security flaw affects ColdFusion versions 2025.9, 2023.20, and earlier, and can be exploited by

Read More »
JadePuffer ransomware used AI agent to automate entire attack

JadePuffer ransomware used AI agent to automate entire attack

Researchers identified what they believe is the first documented case of a ransomware operation, JadePuffer, conducted entirely by a large language model (LLM) agent. According to cloud security company Sysdig, JadePuffer used an autonomous AI agent for reconnaissance on the target, to steal credentials, move laterally, establish persistence, escalate privileges,

Read More »
ARToken PhaaS exposes EvilTokens' Microsoft 365 phishing toolkit

ARToken PhaaS exposes EvilTokens’ Microsoft 365 phishing toolkit

A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. Cisco Talos researchers discovered the platform while investigating phishing infrastructure used in an incident response engagement and identified a

Read More »
Microsoft quietly extends free Windows 10 ESU support to October 2027

Microsoft quietly extends free Windows 10 ESU support to October 2027

Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. The change was made without a formal announcement and instead appeared in updates to Microsoft’s Windows 10 ESU documentation

Read More »