EU AI Act Applicable August 2, 2026: The CIO Checklist at Six Months
The European AI Regulation enters full application on August 2, 2026. GPAI obligations, articulation with NIS2 and DORA, high-risk system mapping, compliance plan.
A LayerX study published in April 2026 reveals that AI-powered browser extensions have 60% more vulnerabilities, access cookies 3 times more often, and have seen their permissions grow 6 times faster than traditional extensions.
An active campaign targets internet-exposed ComfyUI instances. Automated exploitation, dual monetization through Monero cryptomining and botnet, persistence via a fake GPU node. Technical analysis and recommendations.
Anthropic announces Project Glasswing and Claude Mythos Preview, an AI model capable of identifying and exploiting thousands of zero-days. Access restricted to ~40 organizations responsible for critical infrastructure security.
AI inference servers (ComfyUI, Ollama, Stable Diffusion) have become high-value targets for cryptominers. Complete hardening guide: authentication, reverse proxy, network segmentation, GPU monitoring.
GitGuardian's State of Secrets Sprawl 2026 report reveals 29 million hardcoded secrets on GitHub. AI commits leak 2x more, and 70% of 2022 secrets are still valid.
Check Point reveals a ChatGPT flaw enabling conversation and file exfiltration through a hidden DNS channel. Patched by OpenAI on February 20, 2026.
TeamPCP compromised LiteLLM on PyPI on March 24, 2026 via a cascading supply chain attack. 95 million monthly downloads, credentials stolen.
A flaw in Microsoft Excel allows Copilot Agent to exfiltrate data without user interaction. Zero-click, critical, patch available since March 10.
A vulnerability in Anthropic's Claude Chrome extension allowed silent prompt injection. Practical guide to auditing and securing your browser extensions.
Three vulnerabilities discovered in LangChain and LangGraph expose filesystem data, environment secrets, and conversation history. 52 million weekly downloads.
The EU AI regulation enters full application on August 2, 2026. Cybersecurity requirements, timeline, penalties, and preparation guide for CISOs.
Complete guide to the OWASP Top 10 for LLM applications. Prompt injection, data exfiltration, model poisoning: understand and defend.
Google, Amazon, Microsoft, Anthropic and OpenAI collectively invest $12.5M to secure open source. Big Sleep and CodeMender find vulnerabilities automatically.
Technical analysis of CVE-2026-33017, a critical Langflow vulnerability allowing unauthenticated remote code execution. Exploited within 20 hours of disclosure.
Shadow AI is now the top enterprise risk. 76% of organizations are affected and 31% don't know if an AI breach has occurred. Practical detection and governance guide.