// signal
[advisory]AI SECURITY · The State of OpenAI in 2026: Security, Scale, and Stakes[advisory]RESEARCH · Kubernetes Cost-Cutting Without Security Debt: Balancing FinOps and Resilience[advisory]THREATS · Threat Actors Weaponize n8n Workflow Automation Webhooks for Malware Delivery and Device Fingerprinting[advisory]RESEARCH · Post-Quantum Security for Zero Trust and the Cloud: What Enterprises Should Plan for Next[advisory]RESEARCH · When AI Agents Control Physical Systems, Identity Management Becomes a Safety Problem[advisory]STANDARDS · From Passkeys to AI Agents: How the Passwordless Ecosystem Is Rapidly Expanding Its Reach[advisory]THREATS · Android Under Fire: Mirax RAT, EngageLab SDK Flaw, and SparkCat Variant Target Mobile Users and Crypto Wallets[advisory]THREATS · FBI Dismantles W3LL Phishing Empire as NEXUS Listener Campaign Harvests Credentials from 766 Hosts[advisory]RESEARCH · Anthropic's Mythos Preview: What the "Vulnpocalypse" Model Means for Defenders[advisory]THREATS · Iran and Russia Launch Parallel Campaigns Against Critical Infrastructure: PLCs and Routers Under Siege[advisory]AI SECURITY · The State of OpenAI in 2026: Security, Scale, and Stakes[advisory]RESEARCH · Kubernetes Cost-Cutting Without Security Debt: Balancing FinOps and Resilience[advisory]THREATS · Threat Actors Weaponize n8n Workflow Automation Webhooks for Malware Delivery and Device Fingerprinting[advisory]RESEARCH · Post-Quantum Security for Zero Trust and the Cloud: What Enterprises Should Plan for Next[advisory]RESEARCH · When AI Agents Control Physical Systems, Identity Management Becomes a Safety Problem[advisory]STANDARDS · From Passkeys to AI Agents: How the Passwordless Ecosystem Is Rapidly Expanding Its Reach[advisory]THREATS · Android Under Fire: Mirax RAT, EngageLab SDK Flaw, and SparkCat Variant Target Mobile Users and Crypto Wallets[advisory]THREATS · FBI Dismantles W3LL Phishing Empire as NEXUS Listener Campaign Harvests Credentials from 766 Hosts[advisory]RESEARCH · Anthropic's Mythos Preview: What the "Vulnpocalypse" Model Means for Defenders[advisory]THREATS · Iran and Russia Launch Parallel Campaigns Against Critical Infrastructure: PLCs and Routers Under Siege
2069
CVEs tracked
30
Critical · 7d
44
Exploited in wild
24
PoCs public · 30d
224
Fixes shipped · 7d
18
Articles · 7d
AI Security
The State of OpenAI in 2026: Security, Scale, and Stakes
2026-04-16T12:55Z· AI SECURITY· 4 min read
Critical now
top CVSS · 14dRecently disclosed vulnerabilities rated critical (CVSS ≥ 9.0) or confirmed exploited in the wild. Each card shows the affected product, a plain-English description, and whether a fix is available. Click through for our full write-up or the raw advisory.
CVE-2026-40322CVSS 9.0
SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG…
◉ CRITICALFIX STATUS UNKNOWN
added 4h ago→
CVE-2026-37347CVSS 9.1
SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php.
◉ CRITICAL⚡ PUBLIC POCFIX STATUS UNKNOWN
added 12h ago→
CVE-2026-37345CVSS 9.8
SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php.
◉ CRITICAL⚡ PUBLIC POCFIX STATUS UNKNOWN
added 12h ago→
CVE-2026-37338CVSS 9.4
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.
◉ CRITICAL⚡ PUBLIC POCFIX STATUS UNKNOWN
added 12h ago→
CVE-2026-6270CVSS 9.1
@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication…
◉ CRITICALFIX STATUS UNKNOWN
added 13h ago→
CVE-2026-31843CVSS 9.8
The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite…
◉ CRITICALFIX STATUS UNKNOWN
added 14h ago→
CVE-2026-3596CVSS 9.8
The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX…
◉ CRITICALFIX STATUS UNKNOWN
added 21h ago→
CVE-2026-6350CVSS 9.8
MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and…
◉ CRITICALFIX STATUS UNKNOWN
added 24h ago→
Editor's Desk
browse all articles →
Kubernetes Cost-Cutting Without Security Debt: Balancing FinOps and Resilience
A Cloud Security Alliance analysis argues that Kubernetes cost optimization should be treated as a security-relevant change stream. With clusters averaging just 10% CPU utilization, the pressure to rightsize is immense - but ungoverned changes to requests, scheduling, and node pools quietly erode blast-radius controls and audit trails.
Threat Actors Weaponize n8n Workflow Automation Webhooks for Malware Delivery and Device Fingerprinting
Cisco Talos has documented a sustained campaign abusing n8n, a popular AI workflow automation platform, to deliver RMM-based backdoors and fingerprint devices via phishing emails. Webhook URL abuse surged 686% between January 2025 and March 2026, with attackers leveraging trusted infrastructure to bypass email security filters.
Post-Quantum Security for Zero Trust and the Cloud: What Enterprises Should Plan for Next
New research from Caltech, Google Quantum AI, and the Cloud Security Alliance is converging on a single message: the timeline to quantum-safe cryptography is shrinking faster than enterprises expected. For cloud-native organizations running zero-trust architectures, the migration challenge is both urgent and structurally distinct from on-premises PKI transitions.
When AI Agents Control Physical Systems, Identity Management Becomes a Safety Problem
New CSA research and RSAC 2026 analysis reveal that over-privileged AI agents are not just an IT governance issue - they are an emerging physical safety risk. With 74% of agents receiving more access than needed and credential theft spiking 800%, the convergence of autonomous systems and cyber-physical infrastructure demands a fundamental rethink of IAM as safety-critical architecture.
From Passkeys to AI Agents: How the Passwordless Ecosystem Is Rapidly Expanding Its Reach
OpenAI's arrival on the FIDO Alliance Board, Mastercard's open-source standard for AI agent transactions, and Meta's display-free passkey method for XR headsets signal a new phase: passwordless authentication is moving well beyond logins into agent commerce, immersive hardware, and national-scale identity systems.
Android Under Fire: Mirax RAT, EngageLab SDK Flaw, and SparkCat Variant Target Mobile Users and Crypto Wallets
Three distinct Android threats emerged this week: the Mirax RAT converting phones into proxy nodes via Meta ads, a patched EngageLab SDK vulnerability that exposed 50 million users, and a new SparkCat variant scanning photo galleries for crypto wallet seed phrases. Together, they illustrate a converging threat landscape around mobile devices and digital assets.
trending vendors · 30d
From the frontline
analysis · deep-dives
FBI Dismantles W3LL Phishing Empire as NEXUS Listener Campaign Harvests Credentials from 766 Hosts
Two developments highlight the persistent scale of credential theft: the FBI and Indonesian police arrested the developer behind the W3LL phishing kit linked to $20 million in fraud, while Cisco Talos disclosed a fully automated credential harvesting operation exploiting a critical Next.js vulnerability to compromise hundreds of servers in under 24 hours.
Anthropic's Mythos Preview: What the "Vulnpocalypse" Model Means for Defenders
Anthropic has unveiled Claude Mythos Preview, an AI model capable of autonomously discovering and exploiting zero-day vulnerabilities across every major OS and browser. Through the controlled Project Glasswing initiative, the company is channeling the model's capabilities toward defense - but the deployment gap downstream of the code may be the real challenge.
Iran and Russia Launch Parallel Campaigns Against Critical Infrastructure: PLCs and Routers Under Siege
U.S. federal agencies issued urgent advisories this week as Iranian hackers disrupted programmable logic controllers across energy and water systems, while Russia's APT28 hijacked 18,000 home routers worldwide to steal authentication credentials. Both campaigns target the weakest links in critical infrastructure - internet-exposed devices that defenders often overlook.
The Cloud Security Paradox: Enterprises Overestimate Data Protection as Misconfigurations Fuel Breaches
A new Cloud Security Alliance survey reveals that 75% of organizations are confident in their unstructured data security - while 68% leave significant portions unprotected. A parallel CSA analysis of an AWS credential exposure incident shows how quickly such blind spots translate into full account takeover.
Passkeys Hit 4 Billion, FIDO Pivots to Wallets, and a New Code of Conduct Targets Credential Overreach
Three parallel developments are reshaping digital identity: FIDO Alliance declares passkeys mainstream and shifts focus to digital wallet certification, the Better Identity Coalition drafts "rules of the road" for verifiable credentials, and HYPR's latest report finds AI-driven impersonation has overtaken stolen credentials as the top enterprise identity threat.
The AI Revolution in OSINT: New Frontiers, Fresh Vulnerabilities, and the Evolving Intelligence Landscape
How AI is reshaping OSINT: from agentic intelligence tools and deepfake threats to OPSEC exposure risks and defensive countermeasures for 2026 practitioners.
Mapping the Global Landscape of Active CVEs: Insights by Origin Country
Analysis of global CVE trends by country of origin, covering vendor distribution, CNA shifts, state-sponsored exploitation, and regulatory responses in 2025-2026.
The State of npm in 2026: Security Crisis and Ecosystem Response
The npm ecosystem faces its most turbulent period ever. Three major supply chain attacks in seven months - including the Axios compromise attributed to North Korea - have forced GitHub to overhaul npm security. This report analyzes the threats, the response, and what comes next for the world's largest package registry.
Three Critical Vulnerabilities in One Week: Adobe Reader Zero-Day, Fortinet EMS Bypass, and Marimo RCE
A high-severity Adobe Reader zero-day exploited since December 2025, an authentication bypass in Fortinet FortiClient EMS added to CISA's KEV catalog, and a Marimo RCE flaw weaponized within 10 hours of disclosure highlight the accelerating pace of vulnerability exploitation and the shrinking patch window defenders face.
AI Agents Are Outrunning Enterprise Security: New Research Exposes a Structural Identity Crisis
New findings from the Cloud Security Alliance reveal that 68% of organizations cannot distinguish AI agent activity from human actions, while 74% grant agents more access than needed. As real-world incidents demonstrate the consequences - from weaponized AI coding tools to factory shutdowns - industry efforts by Mastercard, Google, and others are racing to build trust frameworks before the gap widens further.
Supply Chain Attacks Escalate: From the Axios NPM Compromise to Emerging Defense Frameworks
The North Korea-linked compromise of the Axios NPM package - with nearly 100 million weekly downloads - underscores the growing severity of software supply chain attacks. As the industry grapples with the fallout, new standards from the FIDO Alliance and the Cloud Security Alliance are emerging to address the systemic trust gaps that make these attacks possible.