Reports
AI-generated structured vendor updates
Palo Alto GlobalProtect VPN 0-Day Under Active Exploit: Gateway RCE Exposes Remote Access Risks
A critical unauthenticated remote code execution vulnerability in Palo Alto Networks GlobalProtect VPN is under active exploitation. This flaw directly compromises the VPN gateway, a key enterprise remote access component, exposing networks to potential takeover. Urgent patching and log review are mandated for all affected organizations.
Z.ai GLM-5.2 Ships Usable 1M-Token Context, No Benchmarks, Two Thinking Levels
Z.ai releases GLM-5.2 with a claim of usable 1M-token context and two thinking-effort levels. No standard benchmarks are provided, raising concerns about real-world performance. The model targets replacing chunking-based RAG with native long-context reasoning.
Cloudflare Absorbs Ensemble AI: Architectural Model Compression Reshapes Edge Inference Economics
Cloudflare integrates key Ensemble AI talent, bringing NdLinear and NdLinear-LoRA—architectural model compression techniques that preserve multidimensional activations to reduce parameters and compute. This aims to slash inference costs on Workers AI, boost GPU utilization, and accelerate global edge AI deployment.
Anthropic Claude Fable 5 on AWS: Data Retention Policy Breaches Cloud Security Boundary, Erodes Enterprise Data Sovereignty
AWS and Anthropic launch Claude Fable 5 with long-running async execution, advanced vision, and proactive self-verification. Access requires 30-day data retention and sharing with Anthropic, moving inference data outside the AWS security boundary. Harmful prompts fall back to Opus 4.8, introducing complex pricing and governance risks.
Cloudflare as Customer Zero: Layered Defense Architecture Against Frontier AI Threats
Cloudflare reveals its production defense architecture against frontier AI models, using itself as customer zero. Combines WAF Attack Score, API Shield, Bot Management, Zero Trust, and MCP Server Portal. Core insight: architecture around the vulnerability matters more than patch speed, using ML scoring and positive security models to block attack variants before they hit, and contain lateral movement after a breach.
Cloudflare Embeds Live Threat Intel into WAF, Shifting Control from Manual Rules to Automated Engine
Cloudflare announces integration of real-time threat intelligence (from Cloudforce One) into its WAF engine, enabling proactive rules based on IP, attacker names, target industries, etc. Uses always-on detection with O(1) constant-time lookup for negligible latency. Currently IP-based, with plans for JA3 and domain matching.
Cisco Silicon One Expands to Campus: Chip-Embedded Control Locks Agentic AI Networks
Cisco extends Silicon One to campus with C9550/C9350 switches and Cloud Control, embedding distributed visibility, sustained high throughput, and adaptive programmability directly into the silicon. Deep on-chip buffering, identity-aware forwarding, and sub-second policy updates shift control from perimeter devices to chip and cloud-native orchestration, targeting agentic AI workloads.
Cisco Shifts AI Network Control from K8s Black Box to Unified Fabric via Isovalent and VXLAN ESG
Cisco integrates Isovalent's eBPF into Nexus One for pod-to-fabric visibility and introduces VXLAN ESG-based AI job segmentation, embedding security and multi-tenancy into the network fabric. This targets the Kubernetes 'black box' bottleneck in AI inference, unifying control and troubleshooting.
Cisco AI Defense Update: Agent Supply Chain Security as Platform Lock-In
Cisco updates AI Defense for agent security with adaptive red teaming, Policy Studio, and automated agent dependency graph scanning. It claims platform-agnostic protection across AWS Bedrock, Google ADK, LangChain, but deeply ties into Cisco Secure AI Factory with NVIDIA, raising concerns about lock-in and runtime overhead.
NVIDIA BlueField DPU In-Silicon Security Shifts AI Factory Control from Software to Hardware
NVIDIA unveils the DOCA security stack (Argus, Vault, Flow) on the BlueField-4 DPU, enabling hardware-isolated runtime threat detection via zero-copy memory analysis, zero-trust file access, and 800 Gb/s network enforcement. This shifts security control from the host OS to DPU silicon, delivering distributed full-stack protection without compromising AI throughput, but ties deeply to the Vera Rubin platform, creating ecosystem lock-in.
Hardcoded ASP.NET Machine Keys Enable ViewState Deserialization RCE in KnowledgeDeliver LMS
Mandiant reveals that KnowledgeDeliver LMS uses hardcoded ASP.NET machineKeys, enabling unauthenticated RCE (CVE-2026-5426). Attackers craft malicious ViewState payloads, deploy the BLUEBEAM in-memory webshell, and infect visitors.
Cloudflare Tests Anthropic Mythos: AI-Driven Exploit Chain Construction and Proof Generation
Cloudflare's Project Glasswing tested Anthropic's Mythos Preview, revealing its ability to automatically chain multiple low-severity bugs into exploitable PoCs with runnable code. They built a multi-stage harness to manage noise and context limits, achieving a significant leap in vulnerability discovery quality.
Cisco Launches Nexus Dashboard 4.2, Enhancing Network Monitoring and Security for AI Workloads
Cisco has released Nexus Dashboard 4.2, a data center management platform update. Key enhancements include Slurm integration for AI/HPC job monitoring, LLDP-based integration with NVIDIA NICs for adaptive routing, and Live Protect for zero-downtime vulnerability mitigation using eBPF. The release aims to provide a unified, intelligent, and secure operations plane for hybrid cloud and AI infrastructure.
Cisco Acquires Astrix Security to Strengthen Non-Human Identity and AI Agent Security Control Plane
Cisco announces its intent to acquire Astrix Security, a Non-Human Identity (NHI) security specialist. The goal is to integrate AI agent and credential (API keys, service accounts) security management deeply into Cisco's Identity Intelligence platform and Zero Trust Access solutions. This move signals a shift in the security control plane from traditional human-machine interactions towards securing automated AI agent workloads, addressing the new attack surface created by AI agents abusing credentials.
Microsoft Publishes Cybersecurity Responsibility Framework for AI Era, Emphasizing Public-Private Collaboration and Modernized Vulnerability Management
Microsoft published a framework on securing the global digital ecosystem with next-generation AI, arguing that as AI accelerates vulnerability discovery, response and remediation must keep pace. The document outlines five recommendations, emphasizing public-private collaboration, responsible release of AI capabilities, and modernizing vulnerability management processes.
Tune In: The Future of AI-Powered Vulnerability Discovery
...
Cisco Publishes Model Provenance Constitution, Defining Weight-Level Derivation Standards
Cisco published the 'Model Provenance Constitution' to provide a normative definition for AI model supply chain safety. The standard strictly hinges on the verifiable derivation history of model weights, clearly delineating five types of provenance links (e.g., direct descent, distillation) and eight exclusions (e.g., independent reproduction), aiming to resolve industry inconsistencies in model provenance definitions.
Cisco Launches AI Agent Security Scanner, Shifting Security Control Point to IDEs
Cisco has launched an AI Agent Security Scanner IDE extension designed to identify and mitigate new attack surfaces in the AI development toolchain. The tool provides local, multi-layered protection by statically scanning MCP server configurations and agent skill definitions, embedding secure coding rules during code generation, and continuously monitoring file integrity at runtime.
Cisco Publishes OT Security Starter Framework, Emphasizing Affordability and Practicality
Cisco has published a starter framework for industrial OT security, targeting mid-sized enterprises with limited resources. It advocates a phased, cost-effective approach. The core is to avoid high hidden infrastructure costs from over-reliance on passive monitoring architectures like SPAN ports, and instead leverage existing network gear (e.g., switches supporting Cyber Vision) for initial visibility.
Cisco Extends Security Control Plane to AGVs via Industrial Wireless and Onboard Switch Integration
Cisco provides deterministic connectivity and embedded security for E80 Group's AGVs through its Ultra-Reliable Wireless Backhaul and Industrial Ethernet switches. This solution extends network visibility and policy enforcement from the fixed plant network to mobile assets, achieving native integration of OT security and connectivity.