Over 100 Chrome Web Store extensions steal user accounts, data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, ...

Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities.
Network World

Fixing encryption isn’t enough. Quantum developments put focus on authentication

According to the latest Google research, it could take as few as 1,200 logical qubits for a quantum computer to break ...
InfoWorld

Curity looks to reinvent IAM with runtime authorization for AI agents

Traditional authentication is incapable of securing AI agents, the company says, as it announces Access Intelligence.
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

AI agent credentials live in the same box as untrusted code. Two new architectures show where the blast radius actually stops.

Anthropic and Nvidia have shipped the first zero-trust AI agent architectures — and they solve the credential exposure ...
Visual Studio Magazine

BFF and SPAs: Best Friends Forever

Christian Wenz explains why the Backends for Frontends (BFF) pattern is emerging as a more secure authentication model for single-page applications.
CMSWire

Meet EmDash, the Cloudflare CMS and WordPress 'Spiritual Successor'

Cloudflare created an open-source CMS it calls a "spiritual successor to WordPress" — but WordPress is having none of it.