Reports
AI-generated structured vendor updates
Hardcoded ASP.NET Machine Keys Enable ViewState Deserialization RCE in KnowledgeDeliver LMS
Mandiant reveals that KnowledgeDeliver LMS uses hardcoded ASP.NET machineKeys, enabling unauthenticated RCE (CVE-2026-5426). Attackers craft malicious ViewState payloads, deploy BLUEBEAM in-memory webshell, and infect visitors.
Cisco Addresses AI-Scale Infrastructure Security Challenges with New Firewall Architecture
Cisco launches the Secure Firewall 6100 series, re-architecting its data plane software and optimizing hardware to deliver high-performance, power-efficient security for AI data centers, cloud, and telecom environments. It aims to balance security and performance amid encrypted traffic growth and east-west traffic, integrating with the Hybrid Mesh Firewall for consistent policy across hybrid infrastructure.
Cisco's Annual Report Reveals AI-Era Security Strategy: Expanding from Personal Data to Industrial Data Governance
Cisco's FY25 Purpose Report emphasizes security, privacy, and trust as business imperatives in the AI era. The core shift is the expanded mandate of its Privacy Center of Excellence (PCOE), moving beyond personal data to govern regulated 'industrial data'. The report also details AI-powered threat detection engines like SnortML and DNS Security Service.
Anthropic Partners with Mozilla, AI Models Independently Discover High-Severity Firefox Vulnerabilities
Anthropic's Claude Opus 4.6 model discovered 22 vulnerabilities in Mozilla Firefox over two weeks, with 14 classified as high-severity. This demonstrates AI's ability to independently identify unknown vulnerabilities in complex software and its nascent capability to generate exploits, signaling a new phase in AI-powered cybersecurity offense and defense.
Cisco Talos Report Highlights Identity Attacks as Primary Battleground
Cisco Talos 2025 report reveals attackers are increasingly leveraging identity-based attacks at unprecedented speed, while legacy vulnerabilities remain widely exploited. The report emphasizes identity control as the core security challenge.