A high-severity vulnerability in the AI-powered development tool Cursor allows installed extensions to access sensitive credentials, exposing API keys and session tokens without any user interaction. According to research by LayerX, the issue stems from how Cursor stores secrets locally,… Read More "Cursor Extension Flaw Exposes Developer API Keys"
What ties the roster together more than any title or office is a shared preoccupation with artificial intelligence, longevity, and the near future. Asked on a sign-up form to predict the future, registrants returned again and again to the same… Read More "Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society"
Where assessing whether production applications can be trusted is still a manual questionnaire, it may be time to automate. For many CISOs, analyzing trust in enterprise production applications is still a manual process: questionnaires surveying the teams running the apps;… Read More "Can CISOs Trust Their Applications? TrustCloud Wants to Replace the Questionnaire"
Swati KhandelwalJun 16, 2026Machine Learning / Cloud Security A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside… Read More "Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting"
An undocumented malware implant suspected to be associated with a China-linked actor has been identified by researchers at Cato Networks’ Cyber Threats Research Lab (CTRL). Their discovery was made when they responded to an intrusion attempt affecting the Indian branch… Read More "China-Linked Hackers Deploy New TencShell Malware Against Manufacturer"
Intent-aware endpoint security company Ent on Tuesday emerged from stealth mode with $100 million in seed funding to build a new layer of workspace security that interprets user and agent behavior before risky actions are finalized. The funding round was… Read More "Endpoint Security Startup Ent Emerges From Stealth With $100 Million Seed Round"
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education… Read More "ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures"
Microsoft has warned of a high-severity zero-day vulnerability that could lead to an attacker sending arbitrary code to a victim by sending a specially crafted email to an Outlook user. The flaw, tracked as CVE-2026-42897, is due to an improper… Read More "Microsoft Reports Severe Zero-Day Flaw in On-Prem Exchange Servers"
Late last week, Anthropic took its new Claude Fable 5 and Mythos 5 AI models offline following a United States government export-control directive barring “any foreign national” from using the services. The company has been in talks with the White… Read More "‘Dangerous’ AI Models Are Coming No Matter What"
To better understand the current state of artificial intelligence (AI) in cybersecurity, SecurityWeek spoke with dozens of security practitioners, researchers, vendors, analysts, and AI experts. The result is a comprehensive snapshot of how AI is being used across the security… Read More "AI and Cybersecurity – Everything You Wanted to Know, But Were Afraid to Ask"
