Security Articles

Google Cloud's H1 2026 report details how North Korean threat actor UNC4899 (also known as Jade Sleet, TraderTraitor) breached a cryptocurrency firm by chaining social engineering with cloud-native attack techniques.

Cloudflare

31 min read

Security•2026-03-09

Fixing request smuggling vulnerabilities in Pingora OSS deployments

This post explains three HTTP/1.x request smuggling vulnerabilities (CVE-2026-2833, CVE-2026-2835, CVE-2026-2836) found in the Pingora open source proxy framework, patched in version 0.8.0.

Active defense: introducing a stateful vulnerability scanner for APIs

Cloudflare introduces a stateful Web and API Vulnerability Scanner in beta, starting with detection of Broken Object Level Authorization (BOLA) vulnerabilities.

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

This weekly cybersecurity recap covers major threats, takedowns, and vulnerabilities from the week of March 9, 2026.

The Hacker News

01 min read

Security•2026-03-09

Can the Security Platform Finally Deliver for the Mid-Market?

This article promotes a Bitdefender webinar focused on whether security platforms can meet the needs of mid-market organizations with limited budgets and small IT teams.

The Hacker News

01 min read

Security•2026-03-09

Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

This article reports on Chrome extensions that turned malicious following ownership transfers, enabling code injection, data theft, and host-level compromise.

OpenAI

01 min read

Security•2026-03-09

OpenAI to acquire Promptfoo

OpenAI announced its acquisition of Promptfoo, an AI security platform designed to help enterprises secure AI systems during development.

Complexity is a choice. SASE migrations shouldn’t take years.

Cloudflare demonstrates how SASE migrations that traditionally take 18 months can be completed in as little as 4–6 weeks using Cloudflare One.

Proactive Preparation and Hardening Against Destructive Attacks: 2026 Edition

This post provides proactive recommendations to defend against destructive cyberattacks, wipers, and modified ransomware.

From the endpoint to the prompt: a unified data security vision in Cloudflare One

Cloudflare One introduces a unified data security vision spanning endpoints, SaaS, and AI prompts with several new enforcement features.

High-performance envelope encryption at Ariso.ai with Vault

Ariso.ai implemented HashiCorp Vault's Transit secrets engine for high-performance envelope encryption across 21 database tables in their multi-tenant AI assistant platform.

Google Cloud

03 min read

Security•2026-03-05

Make security simpler: Introducing the Google Cloud recommended security checklist

Google Cloud introduces a recommended security checklist based on Minimum Viable Secure Product (MVSP) principles to simplify cloud security management.

Security & Identity