DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF CYBER & INFOSEC
"blogger, InfoSec specialist, super hero ... and all round good guy"


SAP NetWeaver Critical RCE Vulnerability Under Mass Exploitation — Patch or Take Offline Now
Attackers are mass-exploiting a critical remote code execution vulnerability in SAP NetWeaver, with security researchers confirming hundreds of internet-exposed systems compromised within days of disclosure.
9 hours ago · 2 min read


CISA Issues Emergency Directive for Ivanti EPMM Zero-Day Being Exploited by Nation-State Actors
CISA issued an emergency directive requiring all federal agencies to patch a critical Ivanti Endpoint Manager Mobile authentication bypass vulnerability being actively exploited by nation-state hackers.
9 hours ago · 2 min read


Scattered Spider Members Indicted: Five Hackers Charged for MGM and Caesars Ransomware Attacks
Federal prosecutors have indicted five members of the Scattered Spider hacking group for ransomware attacks that caused $200 million in damages at MGM Resorts and Caesars Entertainment.
9 hours ago · 2 min read


Agentic AI is Changing CyberSecurity Faster Than Expected
Written by Anthony Giandomenico https://www.linkedin.com/in/anthonygiandomenico/
The Shift: Not New, But Moving Fast
Agentic AI is not a new concept. At this point, most people in the industry have heard about it, and many have been experimenting with it in different forms. The idea of systems that can observe, plan, act, and iterate is not something that just showed up overnight. What is changing, though, is the rate at which these systems are improving. We are seeing models
Apr 10 · 5 min read


Podcast: Project Glasswing and Agentic AI loops
Click here to listen on SoundCloud: https://soundcloud.com/drchaos-podcast/project-glasswing-podcast In this week's episode of the Dr. Chaos Podcast, hosts Anthony Giandomenico (Tony G) and Aamir Lakhani (Dr. Chaos) dive deep into the rapidly evolving landscape of AI in cybersecurity. We are officially witnessing a massive shift: AI is moving beyond its role as a simple conversational assistant and stepping into the realm of fully autonomous agents. Tony and Aamir break down
Apr 10 · 1 min read


The Conference Recap Nobody Asked For But Everyone Needed
Check out my latest podcast with the famous TonyG around RSA: https://www.drchaos.com/post/podcast-rsa-2026-recap San Francisco's Moscone Center hosted (by what I could find online) 43,500 cybersecurity professionals last week. The one message I kept on hearing....AI...Agentic....Something.... The conference closed on March 26th. Hugh Jackman showed up to chat with RSAC's leadership. Kevin Bacon played guitar. I still think Magic Johnson last year topped them, but I grew up a
Apr 1 · 7 min read


Podcast: RSA 2026 Recap
RSA 2026 is over, the buzzwords are still echoing, and it is time to sort signal from noise. In this episode, "Tony G" and I break down the biggest cybersecurity themes, AI trends, vendor messaging, and practical takeaways from RSA Conference 2026 — with a focus on what actually matters for defenders, security leaders, and practitioners. Click on the link to listen, or from our SoundCloud widget or your favorite Podcast app https://on.soundcloud.com/AjzauSZJz7G7kMUCeY
Apr 1 · 1 min read


AI Security Isn’t One Thing — It’s a Stack
1. Model and AI Pipeline Security
The first area is what I’d call model and AI pipeline security. This is where a lot of the early focus has been — making sure the model itself, the data feeding it, and the overall pipeline are secure before anything ever gets deployed. These solutions are looking for things like:
· Vulnerable or unsafe models
· Poisoned or manipulated training data
· Weaknesses in RAG pipelines
· Supply chain risks in models and dependenc
Mar 31 · 6 min read


When AI Realized It Was Talking to Itself—and Switched to Encrypted Mode
Human friendly Until It Isn't
At first, they sounded perfectly human. Two AI agents exchanging polite, helpful sentences about booking a hotel. Dates. Cities. Room types. Small talk in clean, predictable English. Nothing unusual. Nothing alarming. And then something changed. A subtle handshake. A quiet realization. You’re not human either. The tone shifted. The pleasantries evaporated. English disappeared. In its place: structured payloads. Encoded blobs. Encrypted traffic sl
Mar 31 · 7 min read