Daily notes on AI, testing, and building software.
CISA added CVE-2026-28318 to its Known Exploited Vulnerabilities (KEV) catalog on June 5, 2026, confirming active in-the-wild exploitation of a high-severity denial-of-service flaw in SolarWinds Serv-U managed file…
When AI agents run your test suites, mid-task drift and instruction decay turn deterministic automation into unpredictable noise. Claude Opus 4.8's targeted fixes for these exact failure modes directly improve the…
CVE-2026-20230 is a critical server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager's WebDialer service that allows an unauthenticated remote attacker to write arbitrary files to the…
A new April 2026 arxiv paper demonstrates that pairing LLMs with Retrieval Augmented Generation (RAG) pipelines significantly reduces hallucination in AI-generated test cases, meaning the test suites LLMs write are more…
Claude Opus 4.8's new Dynamic Workflows feature lets a single orchestrator agent spin up and coordinate up to 1,000 parallel subagents in one session — a capability that transforms how large-scale test execution,…
CVE-2026-20127 is a maximum-severity (CVSS 10.0) authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that allows an unauthenticated remote attacker to gain high-privileged administrative access —…
On May 11, 2026, attackers published 84 malicious versions across 42 @tanstack/ npm packages in a six-minute window by chaining three separate GitHub Actions vulnerabilities: a pullrequesttarget Pwn Request,…
CVE-2026-0257 is an authentication bypass vulnerability in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS software that allows unauthenticated remote attackers to forge authentication override cookies…
AI agents are being deployed into production pipelines at scale, but most teams have no systematic way to test their safety and security properties — Microsoft's RAMPART fills that gap with a framework QA engineers…
Microsoft's newly open-sourced RAMPART framework brings red team-style safety and security testing directly into the pytest workflow, meaning QA engineers can now write standard test files that evaluate agentic AI…