Security Boulevard

5 Capabilities of Workload Access Managers – And Why WAM Isn’t WIM

Legacy IAM can't govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. The post 5 Capabilities of Workload Access Managers – And Why WAM ...
Security Boulevard

How Escape AI Pentesting Exploited SSRF in LiteLLM

The post How Escape AI Pentesting Exploited SSRF in LiteLLM appeared first on Escape – Application Security & Offensive Security Blog. At Escape, we routinely test the AI infrastructure that teams ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis ...

Summary: Lovable, the $6.6 billion vibe coding platform with eight million users, has faced three documented security incidents exposing source code, database credentials, and thousands of user ...
Infosecurity-magazine.com

Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited

Fortinet customers have been urged to update their FortiClient Enterprise Management Server (EMS) products after the vendor was forced to issue an emergency patch over the weekend. CVE-2026-35616 is a ...
thecyberexpress

FortiClientEMS Vulnerabilities Under Active Exploitation, Expose Systems to RCE

A newly disclosed set of vulnerabilities affecting Fortinet’s endpoint management platform has raised serious concerns among cybersecurity professionals, particularly as both flaws are already being ...
SecurityWeek

Fortinet Rushes Emergency Fixes for Exploited Zero-Day

Fortinet over the weekend rushed emergency fixes for a FortiClient Enterprise Management Server (EMS) vulnerability that has been exploited as a zero-day. Described as an improper access control issue ...
The Hacker News

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: ...
Biometric Companies

NIST concept paper explores identity and authorization controls for AI agents

A draft concept paper released by the National Institute of Standards and Technology (NIST) asks industry and government stakeholders how organizations should identify, authenticate and control ...
The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Cybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic's Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code ...
Biometric Companies

NCCoE seeks input on project to apply identity, authorization standards to agentic AI

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is interested in AI agents. Specifically, according to an announcement, it is ...
TechCrunch

Spotify changes developer mode API to require premium accounts, limits test users

Spotify is changing how its APIs work in Developer Mode, its layer that lets developers test their third-party applications using the audio platform’s APIs. The changes include a mandatory premium ...