Your guide to staying secure on a world built on AI

Weekly deep dive on cybersecurity threats, AI security, and digital defence strategies — plus daily tactical tips. Stay hardened.

Latest

Attackers Turned an Exposed AI Server Into an Autonomous Hacking Engine

Jun 29, 2026

Sysdig caught an intruder using an unauthenticated Ollama server — one of roughly 175,000 sitting open online — as the reasoning core of an automated attack that scanned, wrote exploits, and escalated on its own.

Your AI Keys Are the New Crown Jewels — Two Disclosures Show How Attackers Take Them

Jun 22, 2026

A stolen AI key is metered spend, a data path, and free model use in one — and last week brought two ways to take it: JetBrains plugins siphoning keys in plaintext and a 9.9 LiteLLM chain ending in root.

Prompt Injection Is the New Remote Code Execution

Jun 15, 2026

How to Secure Your Agentic AI Frameworks Against Escalating Critical Vulnerabilities

Attackers are turning Cisco's SD-WAN Manager against the network it runs — CVE-2026-20245 is an exploited, still-unpatched root bug

Jun 8, 2026

Cisco confirms exploitation across on-prem, cloud, and FedRAMP deployments: a netadmin-to-root command-injection bug that has already been used to push configuration changes to edge devices.

A third-party Magento cache plugin is handing attackers full store takeover — CVE-2026-45247 is unauthenticated RCE, and it is already being exploited

Jun 5, 2026

The Mirasvit Full Page Cache Warmer extension deserializes an attacker-controlled cookie on ordinary storefront requests, turning a single unauthenticated HTTP request into remote code execution; CISA added the flaw to its Known Exploited Vulnerabilities catalogue on June 3 after researchers observed live attacks.