Blog

Daily notes on AI, testing, and building software.

April 20, 2026Vulnerability Analysis
CVE-2026-34621: Adobe Acrobat Reader Prototype Pollution — What It Is & How to Fix It
CVE-2026-34621 is a prototype pollution vulnerability in the JavaScript engine embedded within Adobe Acrobat and Adobe Acrobat Reader that enables attackers to execute arbitrary code by convincing a victim to open a…
April 20, 2026Vulnerability Analysis
CVE-2026-32157: Windows Remote Desktop Client Use-After-Free RCE — What It Is & How to Fix It
CVE-2026-32157 is a critical use-after-free vulnerability (CWE-416) in the Microsoft Windows Remote Desktop Client that allows an unauthenticated attacker to achieve remote code execution on a victim's machine. Patched…
April 20, 2026Vulnerability Analysis
CVE-2026-33827: Critical Windows TCP/IP Race Condition Allows Unauthenticated Remote Code Execution
CVE-2026-33827 is a critical race condition vulnerability in the Windows TCP/IP networking stack that allows an unauthenticated remote attacker to execute arbitrary code with SYSTEM-level privileges — no user…
April 20, 2026Vulnerability Analysis
CVE-2026-32201: Microsoft SharePoint Zero-Day Actively Exploited — What It Is & How to Fix It
CVE-2026-32201 is a spoofing vulnerability in Microsoft SharePoint Server caused by improper input validation of HTTP request parameters. It was exploited as a zero-day in targeted attacks against organizations before…
April 20, 2026Vulnerability Analysis
CVE-2026-20131: Cisco FMC Java Deserialization RCE — Root-Level Takeover of Your Firewall's Control Plane
CVE-2026-20131 is a maximum-severity (CVSS 10.0) unauthenticated remote code execution vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC). By sending a specially crafted…
April 20, 2026Vulnerability Analysis
CVE-2026-33826: Windows Active Directory RPC RCE — What It Is & How to Fix It
CVE-2026-33826 is a high-severity remote code execution (RCE) vulnerability in the Windows Active Directory RPC service, patched by Microsoft on April 14, 2026 as part of Patch Tuesday. An authenticated attacker with…
April 20, 2026Vulnerability Analysis
CVE-2026-33032 (MCPwn): nginx-ui Authentication Bypass Enables Full Nginx Server Takeover
CVE-2026-33032 is a critical authentication bypass vulnerability (CVSS 9.8) in nginx-ui, the widely used open-source web management interface for Nginx servers, discovered and dubbed MCPwn by Pluto Security. A missing…
April 20, 2026Testing Tools
The Third Wave of AI Testing Tools Is Here — And It Looks Nothing Like Selenium
The "third wave" of AI testing tools in 2026 moves beyond AI-assisted test writing into fully agentic test generation, autonomous maintenance, and self-healing pipelines — fundamentally changing what it means to be a…
April 20, 2026Code Generation | Testing Tools | Test Automation
Who Tests the AI? Archon, LLM Code Quality Research, and the New QA Frontier
As AI-generated code becomes a default part of software development, a critical gap has emerged: the code LLMs write is largely untested in any systematic way. New research from ArXiv and a new open-source tool called…
April 20, 2026AI/LLM Updates
How Do You Test an AI Agent? New ArXiv Research Shows the Way
As LLM-based agents become production software components, QA teams face a new challenge: traditional test automation was designed for deterministic systems, but AI agents are non-deterministic by nature. New research…

Latest from the blog