CVE-2026-3854: How a Trusted Internal Header Turned `git push` into RCE on GitHub
Wiz Research disclosed a command injection in GitHub's internal git pipeline that let any authenticated user reach RCE with a…
Federal PQC Migration: What Compliance Teams Actually Owe in 2026
NIST has finalized the first wave of post-quantum standards and the federal mandates are no longer aspirational. Here is what…
Pod Security and Container Escape Surface in Shared Kubernetes Clusters
A practitioner's view of the realistic container escape surface in multi-tenant Kubernetes — kernel boundaries, runtime gaps, and the controls…
Drawing the Authorization Boundary Around an Agentic AI System
Agentic systems with tool calls, MCP servers, and dynamic context don't fit the static system boundary model RMF was built…
MCP Security: The New Attack Surface Hiding in Your Agentic AI Stack
The Model Context Protocol went from niche spec to ubiquitous integration layer in eighteen months. The threat model did not…