Category: CyberSecurity

  • Remote MCP Servers Are Turning OAuth Into an AI Agent Security Boundary

    As AI agents move from chat interfaces into production systems, the security question is no longer limited to what a model can say. It is now also about what the agent can reach, what tools it can invoke, and which user-linked accounts sit behind those tool calls. That shift is what makes the Model Context…

  • AI Agent Security Needs to Move to the Tool-Call Boundary

    AI agents are becoming useful for the same reason they are becoming risky: they can act. They can browse websites, read files, call APIs, search repositories, invoke MCP servers, use skill files, modify documents, and trigger workflows across external systems. That makes them very different from older chatbot deployments, where most risk stayed inside the…

  • Netizen: Monday Security Brief (7/6/2026)

    Today’s Topics: BioShocking Shows Why AI Browsers Turn Prompt Injection Into Account Access AI browsers change the risk model for web security. A normal browser displays pages, runs site code inside web security boundaries, and leaves most decisions to the user. An AI browser in agent mode can read, click, type, summarize, follow links, interact…

  • AI Agent Tooling Is Turning Metadata Into an Attack Surface

    AI agent security is beginning to move beyond the familiar problem of malicious prompts. The more serious issue is what happens after the model is connected to real systems. Once an AI assistant can reach files, APIs, databases, SaaS platforms, code repositories, ticketing queues, and internal workflows, the security boundary is no longer just the…

  • Vulnerability Management Is Outgrowing Severity Scores

    Vulnerability management has always involved a mismatch between volume and capacity. Security teams identify thousands of findings across endpoints, cloud workloads, SaaS platforms, network appliances, containers, applications, and third-party software. Remediation teams do not have unlimited time, and many systems cannot be patched without maintenance windows, regression testing, uptime planning, or business approval. That is…

  • How AI Use Creates New Compliance Challenges

    AI adoption is creating a new class of compliance risk that does not fit cleanly inside traditional policy, audit, privacy, or security programs. For years, most compliance programs were built around known systems, known data flows, defined user roles, documented vendors, and repeatable business processes. Artificial intelligence changes that operating model. It introduces probabilistic outputs,…

  • Netizen: Monday Security Brief (6/29/2026)

    Today’s Topics: Squidbleed Shows Why Old Proxy Code Still Belongs in the Threat Model Squidbleed is the kind of vulnerability that looks small in code and much larger in an environment diagram. Tracked as CVE-2026-47729, the flaw is an out-of-bounds read in Squid’s FTP gateway that can leak fragments of proxy memory back to a…

  • The Growing Market for Stolen Browser Data

    The modern browser has become one of the most valuable data repositories in the enterprise. It stores passwords, cookies, active sessions, autofill fields, saved payment details, authentication tokens, browsing history, device identifiers, and traces of nearly every cloud platform a user touches during the workday. For attackers, that makes the browser less like a utility…

  • The Next Software Supply Chain Problem May Not Be Code

    Software supply chain security has spent the last several years focused on source code, third-party packages, vulnerable libraries, and malicious dependencies. That focus made sense. Incidents like Log4Shell, dependency confusion, typosquatting, and compromised open-source packages made it clear that organizations needed better visibility into what their applications were built from. That visibility still matters. SBOMs,…

  • Netizen: Monday Security Brief (6/22/2026)

    Today’s Topics: INTERPOL Warns Cybercrime Is Surging Across Asia-Pacific as Phishing, Ransomware, and AI Scams Scale Up Cybercrime is rising sharply across Asia and the South Pacific, with phishing, ransomware, banking malware, information stealers, deepfakes, and AI-assisted fraud placing new pressure on governments, businesses, and law enforcement agencies across the region. A new INTERPOL assessment…