How to Triage an AI Agent Execution Graph: A Three-Tier Decision Framework for Security Teams

A platform security engineer gets an alert at 2:14 a.m. One of the LangChain agents running in their production Kubernetes cluster has produced an execution graph with eleven nodes, seven tool calls, and an egress edge to a domain that is not in the agent’s approved integration list. The chain is fully rendered in their console. Every signal is there.

The CISO's AI Agent Production Approval Checklist: 7 Gates to Clear Before Go-Live

Your engineering lead is in your office Thursday morning. They want to push an AI agent to production next Tuesday. It’s a LangChain-based workflow agent, connected through MCP to three internal tools and one external API, with access to a customer database. The framework posters are on the wall. Your team has spent two quarters standing up runtime observability. And sitting in that chair, you still don’t know whether to say yes.

Your Convenient AI Agent Is a Backdoor to Your Files #agenticai #promptinjection

People are installing powerful AI agents on everyday laptops without realising those tools can access files, emails and operating system functions. Once prompt injected, that agent can behave like a malicious version of its user, which turns convenience into a direct path for deletion, exfiltration and loss of control.

New Strategies to Automatically Block Website Ping Attacks

Protecting websites from cyberattacks remains critical. One common type of attack is the Ping Flood, which is different from the historical ‘Ping of Death.’ This is when many ping requests are sent to a website's server at once, slowing it down or even crashing it. As web traffic and application complexity increase, exposure to denial-of-service attacks grows. This is why it's important to have strong defenses in place.

Weekly Cyber Security News 09/04/2026

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Thankfully, this common WP plugin is well patched by now, but of course there will always be some who don’t enable auto-updates… But it’s better late than never for this one: Interesting, Rowhammer has migrated to the GPU.

GitHub backup testing and verification best practices

Backups are only as good as the testing carried out to check their effectiveness. Key aspects to consider when verifying GitHub backup effectiveness include: Has all data been covered and successfully backed up? Is the backup frequency appropriate? Are recovery procedures correctly implemented? Read on as we shed more light on testing GitHub backups. Find out more about backup testing best practices, the issues that may arise, how to address them, and why backup verification is so important.

Phishing Campaign Impersonates Palo Alto Networks Recruiters

Threat actors are impersonating Palo Alto Networks recruiters to target job seekers, according to researchers with Palo Alto’s Unit 42 security team. “These attacks specifically target senior-level professionals by leveraging scraped LinkedIn data to craft highly personalized lures,” the researchers write.

Frontier AI Models Mark a Turning Point for Cybersecurity

This week Anthropic announced Project Glasswing, a cybersecurity initiative built around Claude Mythos Preview, an unreleased frontier AI model capable of autonomously discovering and developing exploits for zero-day vulnerabilities across major operating systems and web browsers. According to early details, the model has already identified thousands of critical vulnerabilities that traditional tools have missed for years.

Introducing Relay: Verify who you are while keeping your online activity private

Ask anyone what they think when a website requests a driver's license, Social Security number, or email address, and you'll hear the same reaction: "Why do they need that?" It’s a fair question. Not a day goes by without news of another data breach or scam. Many people have either experienced fraud firsthand or know someone who has. While they're more aware of the need to protect their data, they don't feel equipped to actually do it.