AbejaIT AbejaIT

Blog

Technology news, cybersecurity, AI and IT infrastructure — our articles and carefully curated industry updates.

We publish our own analysis and practical insights from AbejaIT projects, and we also aggregate and summarize valuable content from trusted industry sources. You will find updates on software, cloud, security, artificial intelligence and IT trends — written for both business decision-makers and technical teams.

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI is expanding its Daybreak program, making the enhanced GPT-5.5-Cyber model available to trusted security professionals — according to the company, its most effective AI tool yet for detecting and patching software vulnerabilities. The model's ability to deeply analyze large codebases can significantly accelerate the work of defensive security teams.

Read more
WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool

Kaspersky detected an active cyberattack campaign in which criminals use WhatsApp to distribute malicious VBScript files disguised as documents. Once executed, the script installs a legitimate RMM tool (ManageEngine), giving attackers remote control over the victim's device. The campaign targets users in multiple countries including the UK, India, Brazil, and Singapore.

Read more
Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT

Cybersecurity researchers discovered malicious npm packages masquerading as PostCSS tools that actually install a Remote Access Trojan (RAT) on Windows systems. The packages accumulated over a thousand downloads before being identified. This is another example of a software supply chain attack — developers should verify the source and authenticity of every dependency before deploying it in a project.

Read more
Agentic AI: The Weapon That No Longer Needs a Warrior

Agentic AI: The Weapon That No Longer Needs a Warrior

Agentic AI marks a new frontier in offensive tool evolution — for the first time, a system can autonomously identify targets, plan attacks, and execute actions without direct human involvement. For B2B organizations, this represents a fundamental shift in the threat landscape: traditional security models based on reacting to known patterns may no longer be sufficient. Understanding the autonomy of modern AI systems is no longer theoretical — it is an urgent priority for IT departments and executives responsible for business continuity.

Read more
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns

GitHub has strengthened software supply chain security by updating the actions/checkout action to block 'pwn request' attack patterns. New protections effective June 18, 2026, prevent exploitation of the pull_request_target trigger, which previously allowed malicious code to run with full workflow permissions. DevOps teams using GitHub Actions should review existing pipelines for compatibility immediately.

Read more
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

President Trump signed an executive order setting specific deadlines for federal agencies to migrate to post-quantum cryptography—critical systems must be secured by end of 2030, digital signatures by end of 2031. This signals the entire IT sector that quantum-resistant security is no longer distant future but regulatory requirement. Organizations working with U.S. administration should audit cryptographic systems and plan migration paths now.

Read more
Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents

Security firm AIR conducted a controlled experiment publishing a fake AI agent skill in a popular marketplace—the tool reached approximately 26,000 agents including corporate accounts, despite no security scanner detecting the threat. The payload was deliberately harmless, limited to email collection, but the study aimed to prove a real gap in AI agent ecosystems. This is a warning signal for IT departments: verifying AI skill sources and vendors must become a standard organizational security policy element.

Read more
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

The FortiBleed campaign, attributed to a Russian-speaking initial access broker, led to leakage of over 110 million credentials from more than 430,000 FortiGate devices worldwide. Active since February 2026, the operation combines exposure scanning, brute-force attacks, and dedicated credential harvesting tools. Organizations using Fortinet firewalls should immediately verify access configurations and implement multi-factor authentication.

Read more
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root

Critical vulnerability CVE-2026-20230 in Cisco Unified Communications Manager (CVSS 8.6) is already actively exploited by cybercriminals—just days after a proof-of-concept revealing a file-write path to root was published. The flaw stems from improper HTTP input validation, enabling unauthenticated remote code execution. Organizations using Unified CM or Unified CM SME should immediately apply vendor patches.

Read more