The CVE-2026-34839 was discovered during a manual analysis of the application’s API and network behavior. This flaw is very dangerous on office/home networks where Glances is commonly run, and IPs are easy to find through simple scanning.

CVE-2026-29145 is an authentication bypass flaw in Apache Tomcat and Apache Tomcat Native affecting the CLIENT_CERT authentication path. When OCSP soft-fail is disabled, certain code paths fail to treat an OCSP check failure as a hard authentication failure, allowing a connecting client to reach protected resources without presenting a valid, revocation-checked certificate.

In Australia, the introduction of the Social Media Minimum Age Act increased the importance of gauging a user’s age without compromising their privacy. To help organizations navigate these requirements, Persona now supports an integration with ConnectID, an Australian digital identity network.

A CISO running AI agents on GKE has watched three Google product launches in eighteen months — Model Armor, expanded Security Command Center coverage for AI workloads, additions to Chronicle’s curated detection content — and is being asked whether the GCP-native stack is now sufficient. The vendor demos and the Google Cloud blog say yes. The 2 AM analyst experience says something different.

PCI DSS compliance levels categorize merchants and service providers based on annual card transaction volume, determining their validation requirements. Merchants fall into four levels, with Level 1 requiring the most rigorous assessment through a Qualified Security Assessor, while Levels 2 through 4 typically complete self-assessment questionnaires. Service providers follow a separate two-tier system.

You cannot turn a corner without entering the world of AI. I was in a big box home improvement store the other day and there was a manufacturer touting the AI built into their refrigerator! Children’s toys, personal electronics, and even cat litter boxes are now selling AI-assisted products. I am a technology early adopter, and where I’ve seen good uses of AI, we are in the phase of “throw AI into everything” mode, as we do not know what will stick.

The defensive timeline in cybersecurity is changing faster than most organizations are prepared for. For years, defenders operated with an assumption that there would be some delay between vulnerability disclosure and exploitation. That delay created a window for patching, mitigation, and detection. It wasn’t perfect, but it gave security teams time to act. Frontier AI is removing that buffer and changing how organizations must consider cyber risk.