

Enterprise Security Tech
A cybersecurity resource for CxOs


AI-Generated Code Is Everywhere. Security Visibility Is Not According to a New Report
At RSA Conference 2026, a new survey from Lineaje highlights a growing risk inside enterprise software pipelines: companies are rapidly adopting AI-generated code, but most lack the visibility required to secure it. The findings point to a widening gap between perceived security readiness and actual control over AI-driven development environments. That gap is quickly becoming one of the most important cybersecurity challenges facing enterprise teams in 2026. Enterprises Move
Apr 22


Vercel Breach Exposes OAuth Weakness as AI App Supply Chain Risks Escalate
A security incident at Vercel is highlighting a dangerous shift in how attackers are breaching modern cloud environments. The company confirmed that hackers accessed internal systems and customer data after exploiting a compromised third-party AI integration, reinforcing warnings that identity-based attacks are now outpacing traditional infrastructure exploits. The breach originated from Context AI, whose application was connected to a Vercel employee’s corporate Google accou
Apr 22


Critical Microsoft Vulnerabilities Double as AI Accelerates Exploitation and Identity Attacks Surge
A new security report signals a sharp change in how risk is evolving across the Microsoft ecosystem. While the total number of disclosed vulnerabilities dipped slightly in 2025, the most dangerous flaws surged, pointing to a more concentrated and potentially more exploitable threat landscape. According to the latest annual findings from BeyondTrust, critical vulnerabilities affecting Microsoft platforms doubled year over year. The shift suggests attackers are focusing less on
Apr 22


Lovable AI Coding Platform Faces Data Exposure Backlash After Permission Flaw Reveals User Projects and Chats
A growing dispute over data exposure at Swedish AI coding startup Lovable is raising fresh questions about how quickly emerging developer tools are scaling without fully locking down security controls. The controversy began when an X user alleged that projects created on the platform prior to late 2025 were broadly accessible. According to the post, the individual was able to view other users’ application code, chat interactions with AI systems, and associated customer data u
Apr 22


Canister-Backed npm Malware Campaign Expands, Targeting AI Developer Toolchains
A new wave of supply chain attacks is hitting the npm ecosystem, and this time the blast radius is moving deeper into AI developer workflows. Security researchers at Socket say the latest campaign shows strong overlap with a previously identified wormable attack dubbed CanisterWorm, suggesting either a shared operator or direct reuse of adversary tooling. At the center of the incident are compromised packages tied to Namastex Labs, a company that promotes AI consulting and au
Apr 22


CPUID Breach Delivers Trojanized CPU-Z and HWMonitor Installers in Short-Lived Supply Chain Attack
A brief but high-impact compromise of CPUID’s official website has exposed a growing weakness in the modern software supply chain. For less than 24 hours, attackers hijacked download links for widely used system utilities, replacing legitimate installers with malware-laced packages designed to silently establish remote access on victim machines. The incident, which unfolded between April 9 and April 10, targeted users attempting to download tools such as CPU-Z and HWMonitor.
Apr 13