Daily notes on AI, testing, and building software.
CVE-2026-42354 is a critical-severity (CVSS 9.1) improper authentication vulnerability in Sentry's SAML Single Sign-On implementation that allows an attacker to take over any user account on a vulnerable self-hosted…
Ivanti's Endpoint Manager Mobile (EPMM) contains a critical improper input validation flaw (CVE-2026-6973) that allows a remotely authenticated attacker with administrative privileges to execute arbitrary code on…
As AI coding agents — Claude Code, GitHub Copilot, Cursor, and others — become integral to software delivery pipelines, QA teams face a new challenge: the agents themselves can fail, hallucinate, or regress, and…
CVE-2026-42826 is a perfect-score (CVSS 10.0) critical information disclosure vulnerability in Microsoft Azure DevOps, published May 7, 2026. An unauthenticated remote attacker can exploit a broken access-control path…
CVE-2026-23918 is a double-free memory corruption vulnerability in Apache HTTP Server 2.4.66's mod_http2 module that can be triggered remotely by sending a crafted HTTP/2 HEADERS + RST_STREAM sequence, resulting in a…
Anthropic's newly launched multiagent orchestration and "Outcomes" features in Claude Managed Agents introduce a paradigm shift: AI agents can now divide complex QA work across parallel specialists and use rubric-based…
As AI code agents become a standard part of software development workflows, QA teams face a new challenge: you can't test AI agents with the same frameworks built for deterministic code. A wave of emerging research and…
Anthropic's newly released Claude Opus 4.7 ships two features — Dreaming (session-to-session agent memory that improves over time) and Multiagent Orchestration (a lead agent that delegates work to specialist sub-agents)…
CVE-2026-2052 is a high-severity (CVSS 8.8) Remote Code Execution vulnerability in the Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress, affecting all versions…
CVE-2026-32202 is an actively exploited Windows Shell spoofing vulnerability that enables a zero-click credential theft attack: any Windows user who opens a folder containing a crafted LNK (shortcut) file will silently…