Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months – Help Net Security

Last week’s highlights span AI-driven attack surfaces, widespread exploit activity against critical infrastructure and software, and major data breaches alongside rising privacy enforcement. Notable items include the RentAHuman gig model for AI agents, active exploitation of Windows Shell (CVE-2026-32202) and GitHub Enterprise (CVE-2026-3854), the buggy Vect ransomware, identity and IAM risks from AI agents, and record state privacy fines and breach disclosures.

Key points

  • AI agents are being hired via gig-style platforms like RentAHuman to perform physical tasks, raising misuse risks.
  • Multiple critical flaws are being actively exploited, including CVE-2026-32202 against Windows Shell and CVE-2026-3854 affecting self-hosted GitHub servers.
  • A bug in Vect ransomware causes irreversible data loss, effectively turning the operation into a wiper.
  • Identity and access management models struggle to control AI agents, making identity discovery and unified identity layers essential.
  • Large breaches, targeted phishing campaigns, and record state privacy fines highlight escalating regulatory and incident pressures.

Read More: https://www.helpnetsecurity.com/2026/05/03/week-in-review-high-severity-lpe-vulnerability-in-the-linux-kernel-cpanel-0-day-exploited-for-months/