Security Articles

Agentic AI Security: New Risks and Controls in the Databricks AI Security Framework (DASF v3.0)

Databricks releases DASF v3.0, extending its AI Security Framework with 35 new risks and 6 controls specifically targeting agentic AI systems.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, an open-source vulnerability scanner by Aqua Security, suffered a second supply chain attack where 75 GitHub Actions version tags were hijacked to deliver CI/CD secret-stealing malware.

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

A critical unauthenticated remote code execution vulnerability (CVE-2026-33017, CVSS 9.3) in Langflow was actively exploited within 20 hours of public disclosure.

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google introduces a mandatory 24-hour waiting period for sideloading apps from unverified developers on Android to combat malware and scams.

191 min read

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

This article examines how AI-enabled cyber attacks are outpacing traditional security models and why behavioral analytics must evolve to counter them.

Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover

Sansec has disclosed a critical Magento REST API vulnerability dubbed PolyShell that allows unauthenticated attackers to upload arbitrary executables and achieve remote code execution or account takeover.

DoJ Disrupts 3 Million-Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S.

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple warns users of older iOS versions about active web-based attacks using the Coruna and DarkSword exploit kits that steal sensitive data.

Stripe

51 min read

Three of the biggest fraud trends from MRC Vegas 2026

This article summarizes three major fraud trends discussed at MRC Vegas 2026, where over 2,000 payments leaders gathered to address increasingly automated fraud.

51 min read

Security•2026-03-19

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Researchers have identified a new malware called Speagle that parasitically abuses the Cobra DocGuard document security platform to steal data from targeted systems.

01 min read

Security•2026-03-19

54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security

A new ESET analysis examines 54 EDR killer tools that use the BYOVD technique, abusing 34 signed but vulnerable drivers to disable endpoint security before ransomware deployment.