Laura French

New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available

• patchconfiguration-management
• vulnerability-management

New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available

Laura French May 15, 2026

Fragnesia is at least the fourth privilege escalation flaw affecting Linux systems disclosed in the last three...

Read More Read more about New Linux privilege escalation flaw ‘Fragnesia’ disclosed; PoC available

OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery

• ai-benefitsrisks
• aiml

OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery

Laura French May 14, 2026

The program aims to leverage GPT models and Codex Security to improve software resilience.

Read More Read more about OpenAI Daybreak joins growing movement of AI-driven vulnerability discovery

Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs

• patchconfiguration-management
• vulnerability-management

Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs

Laura French May 12, 2026

The May 2026 Microsoft security update included no zero days for the first time since June 2024....

Read More Read more about Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs

Google reports first known AI-assisted zero-day exploit in the wild

• aiml
• generative-ai

Google reports first known AI-assisted zero-day exploit in the wild

Laura French May 12, 2026

Attackers used AI to create an exploit script for a 2FA bypass flaw in an open-source project....

Read More Read more about Google reports first known AI-assisted zero-day exploit in the wild

Vibe coding has cybersecurity asking what AI can — and can’t — replace

• aiml
• application-security
• devsecops
• generative-ai

Vibe coding has cybersecurity asking what AI can — and can’t — replace

Laura French May 11, 2026

Cyber pros balance hype, skepticism and uncertainty as AI coding disrupts industry norms.

Read More Read more about Vibe coding has cybersecurity asking what AI can — and can’t — replace

Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days

• patchconfiguration-management
• vulnerability-management

Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days

Laura French May 8, 2026

The actively exploited flaw enables remote admin users to execute arbitrary code.

Read More Read more about Federal agencies ordered to patch Ivanti EPMM zero-day in 3 days

Iranian threat group used Chaos ransomware as a ‘false flag,’ researchers say

• malware
• ransomware
• threat-intelligence
• threat-management

Iranian threat group used Chaos ransomware as a ‘false flag,’ researchers say

Laura French May 7, 2026

The purported ransomware attack did not encrypt files and used infrastructure tied to MuddyWater.

Read More Read more about Iranian threat group used Chaos ransomware as a ‘false flag,’ researchers say

CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

• identity
• malware
• ssomfa
• threat-intelligence
• threat-management

CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

Laura French May 6, 2026

The Pheno plugin monitors active Phone Link connections to eavesdrop on texts and notifications.

Read More Read more about CloudZ RAT plugin targets Windows Phone Link for possible OTP theft

CISA reportedly considers 3-day patch deadline for KEV flaws

• aiml
• patchconfiguration-management
• vulnerability-management

CISA reportedly considers 3-day patch deadline for KEV flaws

Laura French May 5, 2026

Officials are considering how AI tools like Claude Mythos could shorten exploit timelines, Reuters reports.

Read More Read more about CISA reportedly considers 3-day patch deadline for KEV flaws

Cisco releases open-source ‘DNA test for AI models’

• aiml
• supply-chain

Cisco releases open-source ‘DNA test for AI models’

Laura French May 1, 2026

The Model Provenance Kit allows organizations to trace model origin and similarity.

Read More Read more about Cisco releases open-source ‘DNA test for AI models’