News

How to Conduct a Successful Audit of AI-Driven Software Development

Traditionally, an audit independently examines records, processes and controls to verify compliance and assess financial and operational integrity. In the modern world, such an approach should extend to the software development lifecycle (SDLC) – especially in the age of artificial intelligence (AI) or large language model (LLM)-assisted code. Chief Information Security Officers (CISOs) and their teams need proof that developers are producing protected products, because one in five organizations has experienced a serious security incident…

Read More

Adobe Patches Critical ColdFusion, Campaign Classic Vulnerabilities

Adobe on Tuesday announced security updates for ColdFusion and Campaign Classic to resolve half a dozen maximum severity vulnerabilities. The update for Adobe Campaign Classic resolves CVE-2026-48286 (CVSS score of 10/10), an incorrect authorization issue that could allow attackers to execute arbitrary code. Patches for the flaw were included in Adobe Campaign Classic version 7.4.3 build 9397, which is now rolling out to Windows and Linux users. Updates released for ColdFusion versions 2025 and 2023…

Read More

Aflac Japan Data Breach Impacts 4.38 Million

Aflac Life Insurance Japan, a subsidiary of insurance giant Aflac, on Tuesday announced that hackers stole the personal information of 4.38 million customers. The company’s systems were hacked on June 15, and the attackers accessed them several times until June 25, when the data breach was discovered, Aflac said in a filing with the US Securities and Exchange Commission. “Upon identifying the unlawful access, Aflac Japan promptly took steps designed to contain the incident and…

Read More

‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

JFrog has published technical details and a proof of concept (PoC) targeting a recent high-severity Linux kernel vulnerability that could allow any local user to gain root privileges. Tracked as CVE-2026-43503 (CVSS score of 8.8) and referred to as DirtyClone, the local privilege escalation bug was resolved on May 24, shortly after being reported to the Linux kernel maintainers. Now, JFrog explains that the flaw is a variant of DirtyFrag (also known as Copy Fail…

Read More

Chinese Framework Powers 200,000 Scam Sites

More than 200,000 websites are using investment scam templates built with the Chinese open source framework Uni-App, Infoblox reports. A cross-platform development toolkit, Uni-App allows developers to create Vue.js codebases that can be deployed as mobile and desktop applications, or as mobile-optimized websites simultaneously. Widely used in China and supported by a developer ecosystem, the framework powers thousands of legitimate products, and its maker DCloud does not appear to be involved in its fraudulent use.…

Read More

Amazon Q Flaw Enabled Cloud Credential Theft via Malicious Repositories

Researchers at Wiz have disclosed a high-severity vulnerability in the Amazon Q Developer extension for Visual Studio Code that could allow attackers to steal developers’ cloud credentials by luring them into opening a booby-trapped code repository. Amazon Q Developer is an AI-powered coding assistant that offers developers features such as code suggestions, automated refactoring, and access to external tools and services via integrations with local processes. AWS was notified about the issue on April 20…

Read More

Linux Foundation Unveils New Open Source Security Project Akrites

The Linux Foundation on Thursday announced a new industry effort aimed at efficiently addressing vulnerabilities in the open source software (OSS) ecosystem. Named Akrites, it establishes a shared Security Incident Response Team (SIRT) for coordinated discovery, patching, and public disclosure of OSS security defects. If it sounds familiar, it should. Less than two weeks ago, Chainguard announced Athena, a coalition of over two dozen fintech and technology organizations aimed at addressing OSS bugs before public…

Read More

25-Year-Old Vulnerability Patched in Curl

The open source data transfer tool and library curl has been updated this week with patches for 18 vulnerabilities, including one introduced 25 years ago. The flaws, four medium and 14 low-severity, were discovered as part of a community effort after Anthropic’s Mythos discovered a single curl bug in early May. This release resolves the highest number of CVEs patched with a single curl update, including an issue that was introduced in version 7.7, shipped…

Read More

Webinar Today: Modern Exposure Validation in the AI Era

Weeks to hours. That’s how fast AI now turns a new vulnerability into a working exploit. Patch-and-pentest cycles were built for a slower world. The question has changed from “are we patched?” to “are we secure right now, and can we prove it?” Here’s the hard truth: finding exposures was never the problem. Proving which ones an attacker could actually use, and deciding the right call on evidence, is the hard part. And no single tool gets…

Read More

Canadian Electricity Provider London Hydro Discloses Data Breach

Canadian electricity provider London Hydro is investigating a data breach that potentially impacted the personal and account information of its customers. London Hydro is a local distribution company serving the City of London, Ontario. It serves roughly 170,000 residential, institutional, commercial, and industrial customers. On June 20, the electricity provider announced that hackers had broken into its systems and that customers’ data was likely accessed. “London Hydro and the appropriate authorities are currently investigating a…

Read More