Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Surprise, surprise, agentic AI is advancing very quickly, and security isn’t quite keeping up. While most attention in recent times has focused on improving model capability, we’ve often been left wondering how to actually make these systems safe enough to trust with real-world tasks and limited interaction. This challenge has become particularly evident with the rise of platforms like OpenClaw, where autonomous agents can execute multi-step actions with minimal human oversight.

Shadow IT refers to any technology—including hardware, software, cloud services, SaaS applications, or AI tools—used within an organization without the explicit approval of the IT or security department. Shadow IT is rarely malicious. It is usually the result of employees searching for a means of making their workflows more efficient. When sanctioned corporate tools are perceived as too slow, rigid, or complex, users often "self-serve" by adopting unvetted alternatives to meet their deadlines.

Your engineering lead is in your office Thursday morning. They want to push an AI agent to production next Tuesday. It’s a LangChain-based workflow agent, connected through MCP to three internal tools and one external API, with access to a customer database. The framework posters are on the wall. Your team has spent two quarters standing up runtime observability. And sitting in that chair, you still don’t know whether to say yes.

A platform security engineer gets an alert at 2:14 a.m. One of the LangChain agents running in their production Kubernetes cluster has produced an execution graph with eleven nodes, seven tool calls, and an egress edge to a domain that is not in the agent’s approved integration list. The chain is fully rendered in their console. Every signal is there.

Security teams deploying AI agents into Kubernetes know they need behavioral baselines. The concept is straightforward: define what “normal” looks like for each agent, then detect when behavior drifts in ways that suggest compromise. The problem is that AI agents are designed to change. A model update alters inference latency. A prompt revision shifts tool-calling sequences. A new MCP integration adds API destinations nobody flagged during the last security review.

A missing null check in libssh’s SFTP directory listing code lets a malicious server crash clients, but real-world exploitability is extremely constrained. CVE-2026-0968 is an out-of-bounds heap read in sftp_parse_longname(), triggered when an SFTP client processes a crafted SSH_FXP_NAME response with a malformed longname field. Red Hat, which serves as the CNA (CVE Numbering Authority) for this vulnerability, scored it 3.1 (Low), while Amazon Linux independently scored it 4.2 (Medium).

Email remains the primary communication channel in healthcare, carrying patient records, referral notes, billing data, and administrative correspondence that frequently contains electronic Protected Health Information (ePHI). For Managed Service Providers (MSPs) serving healthcare clients, HIPAA-compliant email archiving is no longer optional. It is a foundational requirement for supporting regulatory compliance, responding to audits, and protecting against data loss.

Acronis has earned new recognition from Info‑Tech SoftwareReviews, with Acronis Cyber Platform named a leader in the Endpoint Protection – Midmarket Data Quadrant. This recognition is based entirely on feedback from verified end users, highlighting the value MSPs and their clients see in Acronis endpoint protection capabilities. Unlike awards driven solely by analyst opinion or market presence, SoftwareReviews’ recognition reflects real‑world experience.

Initially published by the Open Worldwide Application Security Project (OWASP) in 2023, the Top 10 for LLM Application Security list seeks to bridge the gap between traditional application security and the unique threats related to large language models (LLMs). Even where the vulnerabilities listed have the same names, the Top 10 for LLM Application Security focuses on how threat actors can exploit LLMs in new ways and potential remediation strategies that developers can implement.

A criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET. “The ongoing campaign uses convincing phishing lures related to tax compliance violations, salary adjustments, job position changes, and employee stock ownership plans,” ESET says. “All emails share the same goal – trick the recipients into opening malicious links or attachments.