Latest cybersecurity dispatches

Fresh reporting on active vulnerabilities, security patches, incident response, and threat research for defenders.

May 20, 2026, 3:31 PM EDT · AI Security · Claude Code13 minHow Claude Code Works Internally: From CLI Startup to Agentic Tool Execution

A practical systems-level explanation of Claude Code as a local agent runtime, covering startup, authentication, tools, permissions, sessions, MCP, plugins, and the Agent SDK.

May 18, 2026, 11:23 AM EDT · AI Security · AI Gateway Security5 minCritical Langflow Vulnerability Exposes AI Workflows and API Keys to Active Exploitation

CVE-2026-33017 exposes Langflow AI workflow builders to unauthenticated remote code execution through the public flow build endpoint.

May 18, 2026, 11:06 AM EDT · Supply Chain · Supply Chain5 minTrivy Vulnerability Turns Trusted CI/CD Scanner Into Supply Chain Secret-Stealing Threat

CVE-2026-33634 turned trusted Trivy releases and GitHub Actions into credential-stealing malware inside CI/CD pipelines and developer environments.

May 18, 2026, 10:50 AM EDT · Exploits · Exploited Vulnerability10 minThree Flaws, One Attack Chain: How SimpleHelp Became Ransomware's Favourite MSP Gateway

SimpleHelp CVE-2024-57727, CVE-2024-57726, and CVE-2024-57728 form an attack chain abused by ransomware actors against MSPs and downstream customers.

May 18, 2026, 10:37 AM EDT · Exploits · Zero-Day10 minCVE-2026-41940: Critical cPanel Auth Bypass Fuels Global Ransomware Wave

CVE-2026-41940 is a critical cPanel and WHM authentication bypass tied to mass exploitation, Sorry ransomware deployment, and an accelerated CISA remediation deadline.

May 18, 2026, 10:06 AM EDT · Exploits · Zero-Day9 minPalo Alto Zero-Day CVE-2026-0300: State-Backed Hackers Had 26 Days of Root-Level Access Before Anyone Knew

A critical unauthenticated PAN-OS User-ID Authentication Portal zero-day, CVE-2026-0300, was exploited for 26 days before public disclosure, giving likely state-backed attackers root-level firewall access.

May 17, 2026, 1:44 PM EDT · AI Security · Local AI6 minBest Open-Weight AI Models for a 128GB Apple Silicon Mac in 2026: Qwen3.6 Leads the Pack

Qwen3.6-35B-A3B leads 2026 open-weight AI picks for 128GB Apple Silicon Macs, balancing coding, reasoning, long context and local speed for developers.

May 17, 2026, 12:59 PM EDT · AI Security · Local AI8 minBest Open-Weight AI Models for a 24GB Apple Silicon Mac in 2026

Qwen3.6-27B in Q4_K_M-class quantization is the practical pick for a 24GB Apple Silicon Mac, with Gemma 4 26B A4B, Devstral Small 2 and Phi-4-mini filling specialized roles.