[tl;dr sec] #332 – I’ve Joined OpenAI, fwd:cloudsec, AWS Well Architected Supply Chain Security
New Job, Who Dis? TL;DR: I’ve joined OpenAI to lead their Cyber efforts. I’m joined by Mike Aiello, an awesome security executive and human. Mike…
Executive Summary: AI agents now extend their capabilities by installing third-party skills the way smartphones install apps. Anyone can publish a skill to a public…
According to the company’s advisory, the vulnerability was initially reported through ServiceNow’s bug bounty program in April, prompting an investigation and subsequent security updates. ServiceNow…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Binding Operative Directive requiring federal civilian agencies to assess and align their vulnerability management policies.…
Researchers from Claroty’s Team82 disclosed two critical vulnerabilities in Vertiv Liebert IS-UNITY-DP and Liebert RDU101 network cards used to manage uninterruptible power supply (UPS) systems,…
In our first blog in this AI Threat Readiness series, we covered how to reduce critical exposures and scan with AI by mapping your attack…
In this final video in our LABScon Replay series from LABScon 25, we present the keynote from SentinelLABS’ own Juan Andrés Guerrero-Saade (JAGS), VP, Intelligence…
At Red Canary, our deep focus on mechanized detection engineering has always been complemented by an underlying need to understand emerging threats, patterns, and vulnerabilities…
The Personal Information Protection Commission (PIPC), South Korea’s data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following…
Threat actors have begun actively exploiting a critical Ivanti Sentry command injection vulnerability just days after a proof-of-concept (PoC) exploit was made public, according to…
Encrypted Spaces is, in some sense, the next generation of the Signal protocol, but for more complex and fully featured tools that go beyond messaging…
Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the…