Aggregator
ZDI-CAN-31889: Microsoft
ZDI-CAN-31867: Apache
ZDI-CAN-31088: NVIDIA
ZDI-CAN-31089: NVIDIA
ZDI-CAN-31319: Foxit
ZDI-CAN-30980: llama.cpp
AWS Continuum brings AI models to code vulnerability management
AWS Continuum for code vulnerabilities, a system built to handle a vulnerability across its lifecycle, from discovery through to a fix, is now available in gated preview. It reasons over a customer’s environment, confirms which findings are real, and works toward resolution. It is model agnostic and draws on multiple frontier models, assigning each to the work where it performs best. AWS designed it to take in newer models as they become available. “We need …
The post AWS Continuum brings AI models to code vulnerability management appeared first on Help Net Security.
Homebrew tightens tap security, begins work on its interface
Anyone who installs software through a third-party Homebrew tap runs Ruby code written by people outside the project, and that code runs without a sandbox. That risk sits at the center of Homebrew 6.0.0. Tap trust: Homebrew now requires a tap, along with any tap-qualified formula or cask, to be trusted before its code is evaluated or run. The official Homebrew taps stay trusted by default. The brew tap command gains options for managing trust …
The post Homebrew tightens tap security, begins work on its interface appeared first on Help Net Security.
2.5 seconds to hack. Predictable Google storage names handed AI models over to hackers on their own
A chat log from five years ago
Most agentic AI projects in production have stalled over data problems
Enterprises are connecting AI agents to live data feeds and putting them to work on tasks that once required human review, from IT operations to software development. The number doing this in production reached 32 percent in 2026, up from 29 percent the year before, according to Confluent’s annual Data Streaming Report, which surveyed 4,625 IT leaders across 14 countries. Governance and data quality top the list of agentic AI obstacles IT leaders point to …
The post Most agentic AI projects in production have stalled over data problems appeared first on Help Net Security.
Security operations technology trends as seen from RSAC 2026 (4): Overall observations and reflections
Thursday, June 18, 2026 Security Releases
From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet
A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend against supply chain attacks using Microsoft Defender and actionable threat intelligence.
The post From package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleet appeared first on Microsoft Security Blog.
Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch
Microsoft has officially acknowledged a critical zero-day vulnerability in Microsoft Defender, publicly dubbed “RoguePlanet,” and confirmed it is actively developing a security patch to address the flaw. Tracked as CVE-2026-50656, the vulnerability was formally published on June 16, 2026, by the Microsoft Security Response Center (MSRC) and carries a CVSS score of 7.8 (Important) under […]
The post Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch appeared first on Cyber Security News.