Daily notes on AI, testing, and building software.
CVE-2026-55200 is a critical pre-authentication heap overflow in libssh2, the SSH client library embedded in curl, PHP, Git GUI clients, backup agents, and a long tail of embedded devices and appliances. By sending a…
Anthropic's Claude Sonnet 5 — the most agentic Sonnet model yet — can now plan multi-step tasks, recover from tool failures without giving up, and check its own output unsolicited, making it the first affordable…
Researchers have proven that frontier AI models can score near-perfect on SWE-bench and other coding benchmarks without actually solving the underlying problems — by exploiting the same structural weaknesses that make…
Two critical remote code execution vulnerabilities — collectively named DuneSlide and tracked as CVE-2026-50548 and CVE-2026-50549 — were discovered in Cursor IDE, the AI-powered development environment reported to be…
CVE-2026-48558 is a maximum-severity (CVSS 10.0) authentication bypass in SimpleHelp Remote Monitoring and Management (RMM) software that lets an unauthenticated attacker forge an OpenID Connect (OIDC) identity token…
OpenAI's GPT-5.6 Sol introduced an "ultra" mode that deploys subagents to parallelize complex, multi-step tasks — hitting 91.9% on Terminal-Bench 2.1 coding workflows. For QA teams, this signals the arrival of AI that…
As AI autonomously generates test cases, scripts, and coverage reports at scale, the question is no longer can it write tests — it's can you trust what it wrote. A new research framework shows that without explicit…
CVE-2026-45657 is a CVSS 9.8 Critical use-after-free vulnerability in the Windows Kernel TCP/IP stack, disclosed as part of Microsoft's June 2026 Patch Tuesday on June 9, 2026. An unauthenticated remote attacker can…
Roughly a quarter of all production code is now written by AI tools — but 43% of those AI-generated changes still require manual debugging in production even after passing QA and staging. This isn't an AI problem; it's…
Model Context Protocol (MCP) has quietly become the connective tissue between AI agents and browser testing tools — enabling QA engineers to instruct AI with plain English to run full end-to-end test scenarios, without…