#SEC disclosure
24 stories taggedSEC disclosure.

Microsoft Tightens Teams Meeting Controls for External AI Bots
A new admin policy requires organizer approval before automated external participants can join Teams meetings — a quiet but consequential shift in how enterprises govern AI access to sensitive calls.

Behavioral AI Pitched as Answer to Identity-Abuse Phishing, But Regulators Still Set the Bar
A vendor webinar makes the case for behavioral detection against BEC and account takeover. The compliance questions sit underneath.

Adobe Ships Emergency Fixes for Seven CVSS 10.0 Bugs in ColdFusion, Campaign Classic
Out-of-band advisories cover arbitrary code execution and privilege escalation paths. Administrators face a short remediation window before public exploit code is likely.

WhatsApp DMs Push VBScript Loaders That Deploy Legitimate RMM Tools
An active campaign abuses WhatsApp Desktop and Web to distribute scripted droppers that install commercial remote-management software across at least ten jurisdictions.

When Legacy Infrastructure Becomes the Soft Underbelly of Your AI Agent Stack
Governance frameworks like NIST AI RMF and the EU AI Act assume the pipes under the model are secure. They often aren't.

Klue Confirms OAuth Token Theft as 'Icarus' Crew Stakes Public Claim
The market intelligence vendor's disclosure adds another name to the lengthening list of Salesforce-adjacent SaaS breaches tied to stolen OAuth credentials.

Mastra npm Namespace Hit: 145 Packages Tampered After Contributor Account Hijack
Researchers tracking the 'easy-day-js' supply chain incident say a single compromised maintainer account was sufficient to push malicious versions across the @mastra/* registry footprint.

Tailscale and OpenSSH Became a Junior Operator's Back Door After His Havoc C2 Went Dark
An intrusion at a small French auto-sector firm shows how commodity remote-access tooling defeats the assumption that killing the C2 ends the incident.

MFA Alone Won't Save You: What Modern Attackers Know That Defenders Don't
A practitioner-focused webinar examines how threat actors sidestep conventional detection controls and why single-layer authentication assumptions are failing organizations.

AI in Cybersecurity: What Security Leaders Actually Need to Know
Dozens of experts weigh in on how artificial intelligence is reshaping both offense and defense — and why the gap between the two may be widening faster than policy can close it.

MDR's AI Reckoning: When the Old Service Model Stops Keeping Up
Managed detection and response solved a staffing problem. It is not, by itself, an answer to adversaries who automate reconnaissance and intrusion at machine speed.

Langflow Path Traversal Flaw CVE-2026-5027 Hits CISA's Exploited List
An unauthenticated write-anywhere bug in the open-source AI builder is being abused in the wild, per VulnCheck telemetry, raising fresh questions for federal users bound by BOD 22-01 patch deadlines.

JDY Botnet's Quiet Comeback: 1,500 SOHO and IoT Nodes Now Mapping the Internet
Researchers tie the reconstituted scanner network to China-nexus operators conducting persistent, large-scale reconnaissance against exposed services.

Knowingly Shipping Vulnerable Code Has Become Standard Practice, Survey Finds
A Checkmarx survey of 2,350 security leaders finds nearly half of production code is AI-generated — and enterprises are deploying it despite knowing it carries unresolved flaws.

Anthropic's Mythos Shows AI Can Find Bugs Faster Than Humans. The Bug Bounty Model May Not Survive It.
Machine-speed vulnerability discovery is no longer theoretical. The question now is whether the bounty ecosystem — and the offensive security teams inside it — are priced and structured for a world where finding flaws is the easy part.