Latest Engineering Articles

11 min read

We Found Eight Attack Vectors Inside AWS Bedrock. Here's What Attackers Can Do with Them

XM Cyber's threat research team identified eight validated attack vectors targeting AWS Bedrock's permissions, configurations, and integrations.

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of multiple tax-season phishing campaigns targeting over 29,000 users across 10,000 organizations, deploying RMM malware for persistent access.

71 min read

Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper

This article covers a supply chain attack on Trivy, an open-source vulnerability scanner by Aqua Security, leading to widespread compromise across developer environments.

Google Cloud

02 min read

DevOps•2026-03-23

March 23, 2026

Google Cloud's March 23, 2026 release notes summarize updates across multiple services over the last 60 days.

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Threat actors are actively exploiting CVE-2025-32975 (CVSS 10.0), an authentication bypass flaw in Quest KACE Systems Management Appliance (SMA), to hijack administrative accounts.

Google

11 min read

AI•2026-03-23

Build a smart financial assistant with LlamaParse and Gemini 3.1

This post explains how to build an intelligent personal finance assistant by combining LlamaParse and Gemini 3.1 Pro to extract structured data from complex financial PDFs.

GitLab

44 min read

Product•2026-03-23

Agile planning gets a boost from new features in GitLab 18.10

GitLab 18.10 introduces a unified work items list and saved views to improve Agile planning workflows.

Spring

Spring Cloud Config 5.0.2, 4.3.2, 4.2.6, 4.1.9, 3.1.13 Released, includes fix for CVE-2026-22739

Spring Cloud Config has released multiple patched versions (5.0.2, 4.3.2, 4.2.6, 4.1.9, 3.1.13) addressing a security vulnerability.

OpenAI

AI•2026-03-23

Creating with Sora Safely

This post outlines the safety-first approach taken in building Sora 2 and the Sora app as a video generation model and social creation platform.

FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks

The FBI and CISA warn that Russian intelligence-affiliated threat actors are conducting mass phishing campaigns targeting Signal and WhatsApp accounts of high-value individuals.

41 min read

Security•2026-03-21

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has patched a critical unauthenticated remote code execution vulnerability (CVE-2026-21992) affecting Oracle Identity Manager and Web Services Manager.