Kategorie

Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability (known as Fragnasia and tracked as CVE-2026-46300) that allows attackers to run malicious code as root. [...]

Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia, the security vulnerability is tracked as CVE-2026-46300 (CVSS score: 7.8) and is rooted in the Linux kernel's XFRM Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

As digital tools become more central to its operations, Southwest Airlines is increasingly turning to AI and automation to prevent endpoint issues from affecting the sprawling airline.

The new tools allow the company’s IT team to take a more strategic, rather than reactive, approach to operations, said Derek Whisenhunt, head of end user computing at Southwest Airlines. 

“Bottom line is we now focus our team’s time on proactive and preventative work and increasing the digital employee experience and not waiting for issues to arise before focusing on them,” said Whisenhunt.

Southwest has been steadily digitizing frontline workflows for the past decade, replacing paper-based operational processes with mobile devices and cloud applications for its maintenance, flight operations, and gate services workers — and even cabin crews.

The Dallas-based company has largely digitized operations for its 72,000 staffers — two-thirds of which are in frontline roles — replacing the printed manuals used by pilots and ground operations teams with mobile devices, for instance. 

At the same time, the switch to digital tools has placed even greater demands on IT: the Southwest end user computing team supports around 50,000 employee smartphones and tablets, 20,000 laptops, and 15,000 PCs. 

Problems with end user devices can be costly to the business. With short turn-around times for Southwest’s 800 Boeing 737 aircraft, hardware or software failures on employee devices can quickly affect airline customers. 

“You’ve seen it, or you’ve experienced this,” said Whisenhunt. “If you go up to a customer service or a gate agent and you can see the line start to extend — or the customers start to get frustrated and the agent’s on the phone with somebody — that’s either a ticket issue or it’s a system issue.

“To me, it’s very personal, because we’re impacting the employees’ experience, we’re impacting our customers’ experience,” he said. “In just that one scenario, we’re drastically impacting our ability to turn aircraft.”

Using remote actions to prevent IT issues

To monitor and manage its fleet of end-user devices, Southwest deployed a digital employee experience (DEX) application from Nexthink several years ago. DEX software is designed to monitor and improve how employees interact with workplace technology, including device performance, application reliability, and IT support interactions.

In recent years Southwest has become more advanced in its use of DEX software, said Whisenhunt. Within its 14-strong endpoint management team, Southwest now has a “full-blown DEX operations team” and a DEX engineering team that’s “forward-looking, deploying new products” and managing automations, said Whisenhunt.  

In addition to gathering insights into the performance of devices, Southwest now uses DEX to actively remediate problems. Automation plays a key role here, with Southwest using “remote actions” to automate simple fixes, such as cleaning cache files that had caused Microsoft Teams to crash for users.

The volume of remote actions deployed by the airline has grown significantly in recent years. In 2024, the company conducted 1.1 billion remote actions, equivalent to roughly 13,000 hours saved for employees dealing with IT problems. In 2025, the remote action figure rose to 2.1 billion — with 23,000 hours saved, he said. 

“That’s how important a remote action is.… It’s in that preventative world, where we’re addressing an issue before you even know it.”

Automated remote actions have also helped Southwest avoid hardware upgrades, said Whisenhunt.

The airline has around 8,000 back-office PCs, with as many as 20 employees logging in to each one. Because full Microsoft 365 profiles are downloaded when a user logs in, the PC hard drives fill up and cause performance issues. Remote actions were used to delete user profiles for employees that hadn’t logged in for a week or more – averting the planned purchase of 1-terabyte hard drives to deal with the demands, said Whisenhunt.

Remote actions can also be combined into automated workflows using ‘if/and’ statements to perform more complex actions. 

Over the last month or so, Southwest has automated approximately 5.8 million remote actions “across a range of endpoint health, security, and lifecycle workflows,” said Whisenhunt, the majority of which center on disk space management, with 13 remote actions executed roughly 3 million times to “proactively reclaim disk space.”

The team was able to address a 20% failure rate for its Microsoft SCCM client — used for software and security updates on employee devices — chaining together several remote actions to check the health of the client, restart the service, and, if needed, repair or reinstall the client software.

The DEX platform also integrates with ServiceNow to enable automated ticket generation when users run into technical problems.

“For example, if we see your system had three blue screens of death in 24 hours, a ticket is automatically generated,” he said, working around any  employees who would rather put up with the inconvenience than file a trouble ticket. 

“A lot of people don’t even call the service desk, they’re like, ‘Whatever – reboot, just deal with it. I don’t have time for this.’”

Using AI to boost productivity and empower workers 

In addition to workflow automation, Whisenhunt said AI tools could help boost productivity. Nexthink’s Workspace — an LLM-based conversational assistant — lets staff quickly find information about problems affecting their devices, and can  provide guidance around what tasks to prioritize. 

That’s helped the end user computing team access relevant data faster, he said, “while allowing our analysts and our engineers to focus on what’s more important.”

The team uses Workspace daily, he said, to monitor device health, application performance, security posture, and lifecycle signals. It’s also used to trigger remote actions to correct issues “often before the employee is aware there’s a problem,” said Whisenhunt.

“This has shifted the team from a ticket‑driven, reactive support model to a proactive operations model where we can detect degradation, validate remediation outcomes, and continuously improve stability at scale,” he said. The result has been a reduction in service desk volumes, “faster time‑to‑resolution when issues do surface, improved endpoint reliability, and meaningful recovery of engineering capacity previously spent on repetitive fixes.” 

Southwest plans to roll out Nexthink’s Spark — an AI tool designed to tackle user problems by diagnosing and suggesting simple fixes before contacting IT. A pilot rollout is in the works, said Whisenhunt, starting with the IT team.

“By combining real‑time context from the endpoint with IT‑approved automation and guided remediation, Spark allows users to resolve many issues themselves, in the moment, without opening a ticket or waiting for human intervention,” he said.

Beyond the potential productivity boost, Whisenhunt is taking steps to mitigate possible AI downsides. ‘As with any AI‑driven capability in an enterprise IT environment, we do have healthy concerns around reliability, oversight, and ensuring the right balance between automation and control,” he said

“We are treating trust as something that must be earned over time through strong governance, clear guardrails, and continuous validation of outcomes rather than assuming it from day one.”

Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting ngx_http_rewrite_module (CVE-2026-42945, CVSS v4 score: 9.2) that could allow an attacker to achieve remote code execution or cause a Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Nearly halfway into 2026, enterprises are beginning to see tangible returns on their AI investments. Yet many are discovering that scaling requires something far less glamorous than flashy frontier models and state-of-the-art benchmarking: Clean, interoperable, governed data.

According to a new AI Momentum Survey from Dun & Bradstreet, 97% of organizations report active AI initiatives, but just 5% say their data is ready to support them.

This reflects the messy reality of AI as enterprises struggle to move beyond experimentation to operationalization.

“You do not need enterprise-wide AI-ready data to launch pilots or isolated AI use cases,” said Cayetano Gea-Carrasco, Dun & Bradstreet’s chief strategy officer. “But you do need it to scale AI reliably across mission-critical workflows and systems.”

Early gains seen

Organizations are all-in on AI in 2026 and view it as a mission-critical imperative, according to the D&B report. Well over half (67%) are seeing “early signs or pockets” of ROI, and 24% report “broad or strong” returns.

Further, more than half (56%) of the 10,000 businesses polled by the data and analytics firm say they are planning to increase AI investment in the next 12 months. Around one-third (30%) are scaling AI into production and 26% are operationalizing the technology across multiple core processes.

As adoption rapidly increases, early returns are more common now than even just a year ago, D&B noted, but they still remain uneven. Dovetailing with this, concerns around data readiness are “even more profound” than in 2025.

This is for a variety of reasons, including problems with access to data (reported by 50% of those polled by D&B), privacy and compliance risks (44%), and data quality and integrity concerns (40%). Further, 38% report lack of integration across systems, while 37% say there is a shortage of qualified AI professionals.

Concerningly, however, just a small number of enterprises (10%) say with high confidence that they are able to identify and mitigate AI-related risks.

“The key question is no longer whether organizations are experimenting with AI,” said Gea-Carrasco. “It’s whether they have the data and infrastructure required to deploy AI reliably at enterprise scale.”

He noted that it’s relatively easy for enterprises to launch copilots, chat interfaces, or departmental AI tools using general-purpose models and get “impressive results in a controlled environment.” But far fewer are able to deploy AI into production workflows, where accuracy, accountability, explainability, interoperability, and consistency directly impact business decisions. This includes areas like onboarding, compliance, risk management, and customer operations. “That’s where data readiness becomes critical,” said Gea-Carrasco.

The data hurdle

The challenges around data are only compounded as enterprises move from copilots to more autonomous agentic workflows. “Most enterprise data environments were built for human workflows, not autonomous AI systems operating continuously across the business,” he pointed out.

While AI systems can produce outputs that sound coherent, they can be difficult to trust operationally, due to hallucinations, conflicting recommendations across systems, and compliance issues, Gea-Carrasco noted. This is problematic for all enterprises, but particularly for those in regulated industries like banking, insurance, healthcare, and financial services, where trustworthy and auditable outputs are “non-negotiable.”

Organizations seeing the most progress are those working to ensure that their data is high-quality, reliable, and governed. They are investing in consistent identity resolution and data interoperability and maintenance, so that AI can “reliably consume” and act on information, he explained.

Where enterprises are seeing ROI

Enterprises are beginning to see ROI in areas where underlying data environments are more mature, thus making it easier for AI to be directly embedded into real workflows, according to Gea-Carrasco. This includes areas like sales intelligence, onboarding, compliance workflows, customer research, risk analysis, workflow automation, prospecting, screening, supplier evaluation, and business verification.

ROI is typically reflected in reduced manual research, faster onboarding and review cycles, improved operational consistency, accelerated sales workflows, and better decision support for employees, he said. “In many cases, organizations are using AI to help teams process and synthesize large amounts of information significantly faster than before.”

He emphasized that AI is most successful when it augments existing operational processes rather than fully replacing human decision-making. “Organizations are finding success where AI helps employees work faster, make better decisions, and it reduces repetitive manual work while humans remain involved in oversight and final approvals,” he said.

Enterprise approach to agentic AI

Agentic AI is beginning to enter production environments, although it is “still relatively early and targeted,” Gea-Carrasco pointed out.

Most enterprises today are deploying agents that are narrowly scoped rather than fully autonomous, he said. The near-term pattern is supervised autonomy, where agents execute portions of workflows while humans remain involved in approvals, oversight, and exception handling. Thus, agents are entering what he referred to as “clearly defined workflows,” such as research, onboarding support, and workflow orchestration.

Over the next several years, AI will move from standalone copilots to more connected agentic systems embedded directly into enterprise workflows, he noted. They will increasingly coordinate work across customers, suppliers, partners, employees, and enterprise apps. Agents will likely become ever more prominent in workflows around sales operations, onboarding, compliance, procurement, customer research, risk management, supplier evaluation, and monitoring.

“Enterprise AI is becoming less about isolated productivity tools,” said Gea-Carrasco, “and more about building intelligent operational systems that can support decision-making and workflow execution at scale.”

This article originally appeared on CIO.com.

West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. [...]

The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. [...]

A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. [...]

There are conflicting signals about whether AI is creating or destroying jobs, though many companies have blamed the technology for recent cuts. 

Analysts and industry experts say the reality is more nuanced: jobs being lost now to AI will likely reappear elsewhere, especially for those with hands-on AI experience.

In other words, while AI may be reshaping the labor market, it is not eliminating the need for talent. “We are seeing a shift toward the type of talent employers need and the expectations they have for impact,” said Kye Mitchell, head of Experis US.

Though hiring for entry-level jobs is under pressure as AI absorbs more routine work, that doesn’t eliminate opportunity, she said. “It changes the expectations. Employers now expect candidates to come in with hands-on experience, AI familiarity, and the ability to contribute faster.”

While reductions in headcount are real, the savings from cutting those jobs will reappear elsewhere in hiring for other roles or tasks, said Deepak Seth, senior director analyst at Gartner.

For example, though Claude Code might help IT leaders reduce the number of developers they have on hand, one faulty software rollout could lead to new hiring to fill gaps, Seth said. “Maybe you need to hire more quality testers in another group. Maybe you need to hire more people to train people on how to use these tools,” Seth said.

One thing seems clear: AI is indeed affecting young workers and suppressing entry-level wages. And it goes companies a rationale to do layoffs.

Many big tech companies are attributing large job cuts to AI, Andy Challenger, workplace expert and chief revenue officer for Challenger, Gray & Christmas, said in a May 7 blog post. 

April was particularly brutal for AI-related layoffs, with some top IT firms cutting positions due to efficiencies from AI. “They are also often citing AI spend and innovation. Regardless of whether individual jobs are being replaced by AI, the money for those roles is,” Challenger said.

Opinions vary among workers about whether AI is taking jobs away, according to a study published last month by ADP Research and the Stanford Digital Economy Lab.

Though young workers are especially worried AI will slow job creation in some sectors, more experienced workers are sanguine about losing their jobs, Stanford and BCG said in separate studies.

“There appears to be less cause for concern about widespread job displacement … particularly those in occupations with high experience premiums in which AI is likely to complement the worker’s tacit knowledge,” BCG said in its study “AI will reshape more jobs than it replaces.”

LinkedIn in a January labor report went a step further and projected that AI had created 1.3 million new jobs globally. The jobs were in the areas such as data annotators, forward-deployed engineers and AI engineers.

Microsoft cited the LinkedIn report in its recent Work Trend Index study, and said AI is  creating a new operating model allowing companies to be smarter and more efficient.

But the company sidestepped the larger issue of how AI is affecting the job market. “Some jobs will change. Some will go away. And many that don’t exist yet will emerge,” Microsoft said in the study.

A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. [...]

Tomorrow's webinar examines why prevention alone is no longer enough against modern cyberattacks. The session explores how organizations combine security, backups, and recovery planning to improve cyber resilience after attacks. [...]

Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. [...]

Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information.

This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely to be the last. Criminals understand the value of the information it has and see it as a prime target. That it is an industrial company actively deploying smart factory infrastructure across its premises just makes it an even more interesting challenge; what happens if the machinery itself is attacked?

Industrial defenses have improved; so have attacks

In practice, most large industrial facilities are moving to secure their own internal factory networks using technologies such as SD-WAN, private 5G networks, network segregation, isolation of production environments from the corporate network, and active monitoring against threats to factory machinery. All the same, attackers always hope that complex, well-planned combination exploits will find some way into even those most private and secure portions of corporate systems.

What happened at Foxconn

In this particular case, it doesn’t look as if the attack was made against connected industrial equipment at Foxconn. Wired reports a little of the events that took place:

• The attack was identified on May 1.
• Foxconn’s network collapsed.
• Wi-Fi failed first, then the disruption extended to core plant infrastructure.
• As the attack unfurled, workers were told to switch off their computers.
• They were also instructed not to log back in under any circumstances.
• There were previous attacks on other Foxconn facilities and subsidiaries, suggesting regular assaults on the company.

The attackers claim to have stolen key confidential data belonging to Foxconn clients, though sample files published by them don’t seem to include any Apple-related materials.

While it is easy to get lost in the shock value of what seems to be a successful attack against an Apple supplier, the underlying story should be a warning to every company as it highlights the febrile nature of the current threat environment.

The data is clear: factories are targets now

Recent security analyses have confirmed that attacks against the manufacturing sector are particularly severe. The IBM X-Force Threat Intelligence Index 2025 described manufacturing as the most targeted industry across four successive years. Dragos claims 70% of ransomware attacks have affected the sector, and the ENISA Threat Landscape raises similar alarms.

Attackers are highly focused on this sector for many reasons. They see the money potential of ransomware attacks and the reality that industrial operations can’t afford downtime, which means they become more likely to pay their way out of trouble. (That’s not to imply Foxconn has done so, but is more of a general observation.)

Attackers also recognize the fragmented nature of industrial cybersecurity as the industry goes through rapid digital transformation, leaving overall security only as strong as its weakest partner or parts.

Attacks are evolving quickly

It isn’t likely that the threat window will close any time soon. Paul Smith, director of Honeywell Operational Technology (OT) Cybersecurity Engineering warns, “Attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving.”  

With new breed AI-augmented attacks expected to increase in volume and capacity in the coming years, the entire sector needs to put the strongest possible mitigations in place now. The continued evolution of nation state-adjacent attackers, likely equipped some day with access to quantum computers to power their exploits, is a real threat to industry and national infrastructure.

Put it all together and the recent attack against Foxconn is less of a story about Apple security and more a klaxon to everyone in the sector that the intensity and proficiency of these attacks is accelerating.

Plan for impact, not perfection

This also means larger entities such as Apple will probably need to introduce and/or enhance their mandatory supplier security guidelines to ensure supply chains have sufficient protection in place against such exploits — and the recognition that even when they do, successful attacks will still take place. 

Foxconn clearly had its own mitigation strategy, as it put this into effect the moment the attack took place then moved to threat analysis and dispatched mitigation teams. But even smaller operators should already know what they will do when attacked. Has your business got plans in place for this? Because the moral of today’s tale is that you should develop them immediately.

First they come for Foxconn. Then, they come for you.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Microsoft has fixed a Windows Autopatch bug that caused driver updates restricted by administrative policies to be deployed on some Autopatch-managed Windows devices in the European Union. [...]

Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it's being tested by some customers as part of a limited private preview. MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Foxconn, the world's largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. [...]

Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. [...]

Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated.

The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the Windows Attack Research and Protection group.

The platform will enter private preview for enterprise customers next month, Microsoft said in a blog post announcing the system.

The vulnerabilities were patched as part of Microsoft’s May 12 Patch Tuesday release.

“Cyber defenders are facing an increasingly asymmetric battle,” Microsoft added in the blog post. “Attackers are using AI to increase the speed, scale, and sophistication of attacks.”

Critical Windows components affected

The four critical vulnerabilities affected core Windows components broadly deployed across enterprise environments, Microsoft said in the blog.

Among them was CVE-2026-33827, a remote unauthenticated use-after-free flaw in the Windows IPv4 stack reachable through specially crafted packets carrying the Strict Source and Record Route option, Microsoft said.

Another flaw, CVE-2026-33824, involved a pre-authentication double-free issue in the IKEEXT service affecting RRAS VPN, DirectAccess, and Always-On VPN deployments.

Two additional critical flaws affected Netlogon and the Windows DNS Client, both carrying CVSS scores of 9.8.

The remaining 12 vulnerabilities rated “Important” included denial-of-service, privilege-escalation, information disclosure, and security feature bypass flaws affecting components such as tcpip.sys, http.sys, ikeext.dll, and telnet.exe, according to Microsoft.

How MDASH orchestrates AI agents

According to Microsoft, MDASH orchestrates more than 100 specialized AI agents across multiple frontier and distilled models, with each agent assigned to a different stage of the vulnerability discovery pipeline.

Some agents scan source code for potential flaws, others validate whether findings are genuine, and another stage attempts to construct triggering inputs capable of reproducing the issue before the finding reaches a human engineer for review.

“The model is one input. The system is the product,” Taesoo Kim, Microsoft vice president for agentic security, wrote in the blog.

Microsoft said the architecture was intentionally designed to remain largely model-agnostic, allowing the company to swap underlying AI models without rebuilding the broader orchestration pipeline.

That detail matters because MDASH arrives only weeks after Microsoft announced Project Glasswing, a partnership involving Anthropic and others to evaluate AI-driven vulnerability discovery using Anthropic’s Claude Mythos Preview model.

“Microsoft is now operating as platform owner, security vendor, AI infrastructure player, OpenAI partner, Mythos integrator, and agentic security supplier,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “That is a formidable position. It is also a concentration of influence that security leaders must examine with clear eyes.”

AI vs AI vulnerability race

The announcement also highlights growing concern that AI-driven vulnerability discovery could accelerate offensive operations as well as defensive research.

Anthropic has previously said its Mythos Preview model identified thousands of high-severity vulnerabilities, including a decades-old OpenBSD flaw and a long-undetected FFmpeg issue that traditional fuzzing tools failed to uncover despite millions of attempts.

“We’ve entered an AI-versus-AI vulnerability discovery race,” said Sunil Varkey, advisor at Beagle Security. “The winners won’t be the organizations with the best static scanners anymore. They’ll be the ones who can run these agentic systems fastest against their own code and remediate at machine speed.”

Varkey said enterprises should pursue early access to systems such as MDASH where possible rather than waiting for broader commercial availability.

“Early access isn’t just nice-to-have,” he said. “It’s becoming a defensive necessity in the AI era.”

For CISOs, the broader implication may be that vulnerability management is shifting from periodic scanning toward continuous, AI-assisted discovery and remediation.

“The future belongs to security teams that can find, validate, contain, and fix in one governed motion,” Gogia said.

Benchmarks show progress, but analysts urge caution

To support its claims, Microsoft published benchmark results showing MDASH identified all 21 deliberately planted vulnerabilities in an internal Windows test driver without false positives. The company also said the system successfully recovered nearly all historical Microsoft Security Response Center cases tested against older Windows component snapshots.

On the public CyberGym benchmark for vulnerability reproduction tasks, Microsoft said MDASH achieved a score of 88.45%, topping the public leaderboard at publication time.

Gogia said the results show the category is maturing but warned against treating benchmark scores as direct proof of enterprise value.

“CyberGym is a signal, not a buying decision,” he said. “The machinery around the model is beginning to resemble a serious security research workflow.”

He added that many enterprises still lack the governance maturity required to operationalize machine-generated vulnerability discovery effectively.

“Discovery without remediation discipline is theatre,” Gogia said. “It produces dashboards, not resilience.”

This article originally appeared in CSO.

Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. [...]