RECON

Read how PatchDiff-AI uncovered the root cause of CVE-2026-21513 — an actively exploited MSHTML vulnerability — and how APT28 leveraged it in real-world attacks.

February Linux Patch Wednesday. In February, Linux vendors addressed 632 vulnerabilities – 1.5× fewer than in January, including 305 in the Linux Kernel. Two vulnerabilities show signs of in-the-wild exploitation: 🔻 RCE – Chromium (CVE-2026-2441)🔻 InfDisc – MongoDB “MongoBleed” (CVE-2025-14847) Public exploits are available or suspected for 56 more vulnerabilities. Notable ones include: 🔸 RCE […]

Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave when external content isn’t treated as untrusted input. We’ve distilled our findings into five recommendations tha...

We share our AI model’s proof attempts for the First Proof math challenge, testing research-grade reasoning on expert-level problems.

Xcode 26.3 integrates Anthropic Claude Agent and OpenAI Codex with full agentic coding capabilities. Deep dive into setup, features, MCP support, and how it compares to Cursor and Copilot.

Ryan is joined by Philippe Saade, the AI project lead at Wikimedia Deutschland, to dive into the Wikidata Embedding Project and how their team vectorized 30 million of Wikidata’s 119 million entries for semantic search.

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware    The Hacker News

UMMC Shuts Clinics While it Grapples with Ransomware Attack    The HIPAA Journal