Reports
AI-generated structured vendor updates
Mandiant Reveals Cisco SD-WAN Manager Zero-Day: Control Plane Becomes Prime Target
Mandiant identified a zero-day (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager exploited via malicious CSV upload to escalate to root. The intrusion involved rogue peering, credential manipulation, and anti-forensic cleanup. This highlights SD-WAN centralized control planes as a new attack surface for advanced threats.
Palo Alto GlobalProtect VPN 0-Day Under Active Exploit: Gateway RCE Exposes Remote Access Risks
A critical unauthenticated remote code execution vulnerability in Palo Alto Networks GlobalProtect VPN is under active exploitation. This flaw directly compromises the VPN gateway, a key enterprise remote access component, exposing networks to potential takeover. Urgent patching and log review are mandated for all affected organizations.
Cisco Cloud Control and AI Agents: Centralized Control Plane with Hidden Lock-in and Performance Gaps
At Cisco Live 2026, Cisco unveiled Cloud Control, a unified management platform with AI agents, Live Protect vulnerability mitigation, PQC, and new hardware (C9550 switches, CW9177 APs). While promising operational simplicity, it deepens vendor lock-in through proprietary APIs and AI agents, while its hardware lacks high-density 400G ports and advanced RoCEv2 congestion control for AI workloads.
Cloudflare Embeds Live Threat Intel into WAF, Shifting Control from Manual Rules to Automated Engine
Cloudflare announces integration of real-time threat intelligence (from Cloudforce One) into its WAF engine, enabling proactive rules based on IP, attacker names, target industries, etc. Uses always-on detection with O(1) constant-time lookup for negligible latency. Currently IP-based, with plans for JA3 and domain matching.
Cisco Cloud Control Unifies Management: Control Plane Shifts to Single Pane for AgenticOps
Cisco Live 2026 unveils Cisco Cloud Control, a unified dashboard for networking, security, compute, and observability, enabling human-AI agent collaboration. Also expands Live Protect kernel-level patching to N9000 switches, outlines quantum-safe roadmap, and launches C9550/C8600 hardware.
Cisco AI Defense + AppOmni Extends Runtime Guardrails to SaaS AI Agents
Cisco integrates AI Defense with AppOmni, using AgentGuard as a real-time intercept layer inside SaaS environments. Custom guardrails now apply to Microsoft 365 Copilot, ServiceNow Now Assist, and other SaaS agents, monitoring MCP, chat, and agent-to-agent channels to block prompt injection, tool exploitation, and data exfiltration with a unified policy engine.
Check Point Agentic Exposure Validation: AI Agents Counter Autonomous Exploitation
Check Point launches Agentic Exposure Validation (AEV), using AI agents that reason like attackers. It correlates exposure data, asset context, and live threat intelligence to safely prove what is exploitable. Part of CTEM, it enables evidence-based reduction before AI-driven adversaries act.
Hardcoded ASP.NET Machine Keys Enable ViewState Deserialization RCE in KnowledgeDeliver LMS
Mandiant reveals that KnowledgeDeliver LMS uses hardcoded ASP.NET machineKeys, enabling unauthenticated RCE (CVE-2026-5426). Attackers craft malicious ViewState payloads, deploy BLUEBEAM in-memory webshell, and infect visitors.
Cloudflare Tests Anthropic Mythos: AI-Driven Exploit Chain Construction and Proof Generation
Cloudflare's Project Glasswing tested Anthropic's Mythos Preview, revealing its ability to automatically chain multiple low-severity bugs into exploitable PoCs with runnable code. They built a multi-stage harness to manage noise and context limits, achieving a significant leap in vulnerability discovery quality.
In-depth Analysis of CISA Agentic AI Security Guidelines
CISA released the world's first Agentic AI security deployment guidelines on May 1, 2026, marking a critical transition from theoretical discussions to mandatory compliance requirements.
Microsoft Publishes Cybersecurity Responsibility Framework for AI Era, Emphasizing Public-Private Collaboration and Modernized Vulnerability Management
Microsoft published a framework on securing the global digital ecosystem with next-generation AI, arguing that as AI accelerates vulnerability discovery, response and remediation must keep pace. The document outlines five recommendations, emphasizing public-private collaboration, responsible release of AI capabilities, and modernizing vulnerability management processes.
Cisco Pushes Service Providers to Monetize Embedded Security
Cisco's blog argues that service providers must shift from viewing security as a cost to treating it as a growth engine. The core premise is that by embedding security natively into network infrastructure, providers can offer high-value security-as-a-service and capture new B2B revenue in a commoditized bandwidth market.
Anthropic Partners with Mozilla, AI Models Independently Discover High-Severity Firefox Vulnerabilities
Anthropic's Claude Opus 4.6 model discovered 22 vulnerabilities in Mozilla Firefox over two weeks, with 14 classified as high-severity. This demonstrates AI's ability to independently identify unknown vulnerabilities in complex software and its nascent capability to generate exploits, signaling a new phase in AI-powered cybersecurity offense and defense.
Cisco Talos Report Highlights Identity Attacks as Primary Battleground
Cisco Talos 2025 report reveals attackers are increasingly leveraging identity-based attacks at unprecedented speed, while legacy vulnerabilities remain widely exploited. The report emphasizes identity control as the core security challenge.
Cisco Extends Zero Trust Security to AI Agent Ecosystem
At RSA 2026, Cisco introduced security innovations for AI agents, extending Zero Trust Access with agent discovery in Identity Intelligence, agentic IAM in Duo, and MCP enforcement in Secure Access SSE. It launched AI Defense: Explorer Edition for self-serve testing and DefenseClaw open source framework to automate security deployment.
Meta Integrates AI Support Assistant with Content Moderation, Reducing Third-Party Reliance
Meta launched an AI support assistant and deployed advanced AI content moderation systems to enhance user experience and platform safety. This signals a strategic shift from relying on third-party vendors to strengthening internal AI systems, with plans to deeply integrate AI into core operations.
Trend Micro Report Highlights AI Supply Chain Risks and Model Attack Surfaces
Trend Micro's 'Fault Lines in the AI Ecosystem' report systematically analyzes security risks in the AI supply chain, including training data poisoning, third-party plugin vulnerabilities, and model theft attacks. It indicates that enterprise AI security boundaries have expanded from traditional IT infrastructure to the model layer and data pipelines.
Trend Micro Highlights Power Automate as an Enterprise Automation Security Blind Spot
Trend Micro's research report reveals that the complexity of low-code automation tools like Microsoft Power Automate is being exploited by cybercriminals to evade detection and exfiltrate data. The study highlights critical security risks from visibility gaps within automation platforms and warns of growing demand for such attack capabilities in the cybercriminal underground.
Trend Micro Exposes Azure DNS Design Flaw Enabling Cloud Infrastructure Takeover
Trend Micro's TrendAI™ research team disclosed a security vulnerability "by design" in the Azure cloud platform. DNS records of deleted Azure resources may persist, allowing attackers to exploit these lingering DNS names to hijack trusted endpoints and compromise dependent systems, highlighting a critical but often overlooked trust inheritance risk in cloud infrastructure.