Steve Zurier

Microsoft patches Entra ID bug that let AI agents escalate privileges

• aiml
• generative-ai
• identity
• privileged-access-management

Microsoft patches Entra ID bug that let AI agents escalate privileges

Steve Zurier April 28, 2026

Flaw in Entra ID AI agent role enabled privilege escalation and takeover.

Read More Read more about Microsoft patches Entra ID bug that let AI agents escalate privileges

Medtronic says cyberattack did not disrupt its operations

• threat-intelligence
• threat-management

Medtronic says cyberattack did not disrupt its operations

Steve Zurier April 27, 2026

Attack raised concerns because it was second one on a major medical device maker since the Iran...

Read More Read more about Medtronic says cyberattack did not disrupt its operations

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

• application-security
• phishing
• ransomware

UNC6692 impersonates help desk employees to drop SNOW malware via Teams

Steve Zurier April 24, 2026

Attackers abuse Teams chat to deliver malware after help desk phishing scam.

Read More Read more about UNC6692 impersonates help desk employees to drop SNOW malware via Teams

AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42

• ai-benefitsrisks
• aiml
• security-operations
• soc

AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42

Steve Zurier April 23, 2026

PoC proves that attackers can leverage AI to exploit cloud weaknesses at machine speed.

Read More Read more about AI-driven cloud attacks reach ‘functional’ maturity, says Unit 42

Firefox report offers early insight into Claude Mythos AI model

• aiml
• application-security
• generative-ai
• threat-management

Firefox report offers early insight into Claude Mythos AI model

Steve Zurier April 22, 2026

AI model finds hundreds of bugs in Firefox, boosting defense — but also lowering barriers for attackers.

Read More Read more about Firefox report offers early insight into Claude Mythos AI model

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

• network-security
• patchconfiguration-management
• security-operations
• soc
• vulnerability-management

Another Cisco Catalyst SD-WAN Manager bug added to CISA list

Steve Zurier April 21, 2026

CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching.

Read More Read more about Another Cisco Catalyst SD-WAN Manager bug added to CISA list

Vercel incident falls short of a supply chain attack — for now

• ai-benefitsrisks
• devsecops
• identity

Vercel incident falls short of a supply chain attack — for now

Steve Zurier April 20, 2026

Experts say Vercel case was a trust and authentication boundary failure, but not an attack on the...

Read More Read more about Vercel incident falls short of a supply chain attack — for now

Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities

• ai-benefitsrisks
• aiml
• patchconfiguration-management
• vulnerability-management

Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities

Steve Zurier April 17, 2026

CISA flags 13-year-old ActiveMQ RCE as exploited, highlighting AI-driven bug discovery.

Read More Read more about Apache ActiveMQ RCE bug to CISA list of exploited vulnerabilities

Cisco patches critical bugs in Webex, ISE

• application-security
• identity
• ssomfa

Cisco patches critical bugs in Webex, ISE

Steve Zurier April 16, 2026

Experts warn that the Webex bug may get the headlines, but exploited ISE bugs offer attackers the...

Read More Read more about Cisco patches critical bugs in Webex, ISE

Vishing attacks on Okta identity systems on the rise

• iam-technologies
• identity
• phishing
• ransomware
• ssomfa

Vishing attacks on Okta identity systems on the rise

Steve Zurier April 15, 2026

Vishing attacks target Okta to bypass MFA, enabling broad SSO data access.

Read More Read more about Vishing attacks on Okta identity systems on the rise