Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We are witnessing the birth of a new profession in the blend of security engineering and security operations, a discipline that didn't exist five years ago because the systems it protects didn't exist five years ago. As artificial intelligence moves from experimental to essential and agentic systems begin to perceive, reason, act, and learn autonomously, we need defenders who can operate at the same velocity. I'm talking about the AI Security Engineer.

The Notepad++ incident is a reminder that the tools we use to build our businesses can also be used to break them.

OAuth is a commonly used authorisation framework, that allows websites and web applications to request limited access to a user’s account on another application. Users can grant this limited access to their account, without ever needing to expose their password with the requesting website or application. This is commonly seen with sites that allow you to log in with popular accounts such as a social media login, Microsoft or Google account.

CVE-2026-22769 is a hardcoded credential vulnerability affecting Dell RecoverPoint for VMs, a disaster recovery orchestration platform used to manage replication and failover of virtualized workloads. The issue stems from static authentication credentials embedded within a product component. Because these credentials are not uniquely generated per deployment and cannot be changed by administrators, they introduce a structural authentication weakness.

A newly disclosed vulnerability tracked as CVE-2026-25639 puts Node.js applications using Axios at risk of remote Denial-of-Service attacks. By sending a specially crafted configuration object, attackers can trigger a fatal runtime error inside Axios’s internal request handling logic, causing the Node.js process to crash instantly.

Getting clear answers about your security risk shouldn’t require hours of manual work or deep platform expertise. Meet Seema – Seemplicity’s new AI assistant designed to translate complex remediation data into plain-spoken, actionable insights. Whether you’re a practitioner investigating a specific vulnerability, an engineer needing context on a finding, or a leader briefing on overall risk, Seema provides the clarity you need to move from data to action.

During a recent video interview, we spent time unpacking a deceptively simple question: what actually makes a vulnerability critical? Severity scores, exploitability, and asset importance all factor into the answer. But one layer of context consistently changes the urgency of a finding more than most teams expect: internet exposure. The difference between a vulnerability that exists and one that matters often comes down to whether an attacker can reach it.

AI accelerates discovery — but enterprise trust still depends on deterministic validation, remediation automation, and governance at scale. Last Friday, Anthropic launched Claude Code Security, powered by Opus 4.6, inside Claude Code. The demo is impressive: Frontier AI reasoning scanned open source codebases and surfaced over 500 previously unknown high-severity vulnerabilities — including subtle heap buffer overflows that had survived decades of expert review and fuzzing.