A CVSS score of 9.5 may not be significant to a CFO, but when it demonstrates a flaw in a payment system processing $2 million, it becomes a big deal. Therefore, the data must be linked with information about operational barriers that can result in financial damages, product delays, or loop in regulatory agencies.
Periodic risk lifecycle cannot keep up with the changing threat scenario, which if further impacted by an unstable geopolitical environment and rising technology like AI and quantum computing. Thus, information risk assessment must be a continuous process that links threats, supervising controls, and the possible repercussions for the business if the controls fail.
Different risks carry different impacts, stakeholder needs, and available data. This means that analysis also changes. You need two analysis tracks for this: qualitative analysis for quick decisions with limited data, and quantitative analysis for investment decisions when they need financial backing.
The IRAM3 methodology unifies both tracks into a single framework that uses the same process and is built to be modular, so businesses can gain entry at any desirable phase they think fits their demands.
A linked risk lifecycle changes how businesses perceive organization threats. It also helps to keep activities such as interpreting threats, evaluating controls, and measuring exposure connected instead of treating each analysis as an isolated process.
Linked assets must be grouped by the business function they assist. This lets the teams conduct risk analysis that connect how the organization actually works and also helps in defining the risk appetite.
In this step, you identify the risks to your business, map related threats to critical assets, and predict how likely they will materialize. According to Security Week, “From a quantitative standpoint, a three-point frequency estimate—minimum, most likely, and maximum—is assigned instead of a rating. The number of loss events you would anticipate in a year is represented by this estimate.”
Testing control success
A business might have a MFA coverage, but if privileged accounts are not included as allowing MFA disrupted a legacy integration, the gap is a direct pathway into critical systems. Thus, these controls should be carefully mapped to particular threats, checked for implementation, and analyzed if they actually reduce risk.
BeyondTrust has released security updates to remediate four vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) solutions, including two Critical authentication bypass flaws that could allow attackers to gain unauthorized access to vulnerable appliances under specific deployment configurations. The products are commonly used by organizations to deliver remote technical support and manage privileged access to enterprise systems, making them attractive targets because they often provide administrative access to critical IT environments.
The most severe issues originate within the products' authentication mechanisms, which verify user identities before granting access. Because the vulnerabilities can be triggered before the authentication process is completed, successful exploitation may allow attackers to bypass an important security control without first supplying valid credentials.
One of the Critical vulnerabilities, tracked as CVE-2026-40138, carries a CVSS score of 9.2 and affects both BeyondTrust Remote Support and Privileged Remote Access. According to the advisory, the flaw stems from improper validation of authentication data within the authentication subsystem. Under specific authentication configurations, a network-positioned attacker could bypass access controls and obtain unauthorized access to the appliance, including accounts with elevated privileges.
BeyondTrust also addressed CVE-2026-40139, another Critical vulnerability assigned a CVSS score of 9.2 that impacts Remote Support. The issue results from improper processing of authentication requests and could enable an unauthenticated remote attacker to circumvent authentication controls and gain unauthorized access to affected appliances, including privileged accounts. Similar to CVE-2026-40138, exploitation depends on a particular authentication configuration being enabled, meaning the exposure varies according to how affected environments are deployed.
In addition to the authentication bypass flaws, the company disclosed CVE-2026-40140, a High-severity vulnerability with a CVSS score of 8.7 affecting the network communication subsystem. The issue arises from insufficient validation of client-supplied input and could allow an unauthenticated remote attacker to trigger a denial-of-service (DoS) condition, disrupting the availability of vulnerable appliances rather than providing direct access to them.
The fourth vulnerability, CVE-2026-40141, received a CVSS score of 8.5 and affects web application components within both Remote Support and Privileged Remote Access. Caused by inadequate validation of user-supplied input, the flaw could enable an authenticated user with limited privileges to access resources or information beyond their intended authorization. BeyondTrust noted that exploitation of this vulnerability is limited to accounts that already possess specific permissions.
The company said the vulnerabilities were identified during ongoing internal security assessments with assistance from publicly available artificial intelligence models, including Anthropic Claude Opus 4.8, alongside BeyondTrust's proprietary security research tooling. The use of AI-supported analysis reflects a growing trend of incorporating large language models into vulnerability research to assist security teams in identifying potential weaknesses alongside conventional testing techniques.
According to BeyondTrust, the most severe vulnerabilities could allow authentication bypass and unauthorized access when affected systems are configured in specific ways. The remaining flaws could result in service disruption, unintended access to data, or expanded privileges for authenticated users under defined conditions, potentially affecting the confidentiality, availability, and integrity of vulnerable systems.
The vulnerabilities have been resolved in Remote Support version 25.3.3 and later and Privileged Remote Access version 25.3.3 and later. Organizations running version 25.3.2 or earlier of either product are advised to upgrade to the latest available release to mitigate the disclosed risks.
BeyondTrust stated that it has not observed evidence of the newly disclosed vulnerabilities being exploited in the wild. Nevertheless, the company noted that its Remote Support and Privileged Remote Access products have previously been targeted by threat actors. Earlier vulnerabilities, including CVE-2024-12356 and CVE-2026-1731, were exploited to deploy web shells and backdoors on compromised appliances, demonstrating the continued interest of attackers in enterprise remote access infrastructure. Given that history and the privileged role these products play within enterprise environments, organizations are encouraged to apply the available security updates promptly to reduce their exposure to potential attacks.
The announcement came after Flipper decided on building new devices such as Flipper One open Linux platform, where the organization shifted to the community’s help to finish development.
Besides this, Flipper also launched a Buy Bar device for people with Attention Deficit Hyperactivity Disorder (ADHD) to reduce interruptions, which will be open for sale on July 14 in the US, U.K, Canada, and Europe.
Flipper Devices said that the genuine firmware for the Flipper Zero portable pen-testing device will still continue, but full-time feature production ends now.
The first major stable release- Flipper Zero Firmware 1.0, was announced in September last year, after three years of development. The latest stable launch is variant 1.4.3, out since December last year.
By then, the company felt that the firmware was matured, with APIs and a stable SDK and all features implemented safely.
Recently, the team hinted that firmware development was shut down, resulting in strong backlash from people. “We've seen the strong reaction from the community over the idea that we've stopped developing the Flipper Zero firmware,” Flipper said in a blog post. "We want to address this and let you know that we've heard all your feedback and have decided to rethink our approach to maintaining the project and engaging with the community," Flipper added.
To address the concerns, Flipper has made a new technique for the project that depends on closer communication with supporters to keep firmware development in process.
The project will continue with a few resources and in a new way to communicate with the community, such as:
“We're moving all requests from the Flipper Zero community to GitHub Discussions. Now you can 🤚 vote for feature requests that really matter, so we can see what the community actually wants and prioritize them,” Flipper said.
Chinese artificial intelligence company Z.ai, formerly known as Zhipu AI, has introduced GLM 5.2, an open-weight large language model that is attracting attention among developers for combining advanced AI capabilities with the flexibility to run on privately owned hardware. Unlike proprietary AI platforms such as ChatGPT and Claude, which are primarily accessed through cloud-based subscriptions, GLM 5.2 allows developers to download, customize, and deploy the model within their own computing environments, offering greater control over infrastructure, privacy, and operational costs.
The release comes as open-weight AI models continue to narrow the performance gap with leading commercial systems. While proprietary models have traditionally dominated the AI ecosystem with stronger reasoning capabilities, newer open-weight alternatives, including Meta's Llama family, Mistral, and now GLM 5.2, are demonstrating that many enterprise workloads no longer require exclusive reliance on premium cloud-hosted models. Businesses commonly use AI to summarize extensive document repositories, generate and debug software code, automate repetitive workflows, and retrieve information from internal knowledge bases, making cost-efficient deployment an increasingly important consideration.
Unlike fully open-source AI projects that typically publish training code, data processing pipelines, evaluation frameworks, and other development components, open-weight models primarily provide access to the trained model parameters. This enables organizations to fine-tune and integrate the model into their own applications while maintaining considerably more flexibility than closed AI services, where the underlying model remains inaccessible.
Interest in GLM 5.2 has also grown following demonstrations showing the model running locally on high-end Apple systems, including the Mac mini. Although these deployments require powerful hardware, they illustrate how advanced AI models are gradually becoming practical outside centralized cloud infrastructure. For organizations handling sensitive financial information, medical records, intellectual property, or confidential research, local deployment reduces the need to transmit data to third-party platforms, strengthening privacy protections while supporting regulatory compliance and data sovereignty requirements.
Despite its flexibility, GLM 5.2 remains an exceptionally demanding model. Built using a Mixture-of-Experts architecture containing between 744 billion and 753 billion parameters, the model occupies approximately 1.51TB of storage and memory in its original form. Developers therefore rely on quantization, a compression technique that reduces memory requirements by lowering the numerical precision of model weights. Even after aggressive optimization, approximately 240GB of memory is still required to load the model. GLM 5.2 also supports a one-million-token context window, allowing it to process entire software repositories, lengthy technical documentation, and extensive research collections within a single prompt, though doing so places additional demands on system memory.
As organizations continue evaluating how AI should be deployed across their operations, GLM 5.2 reflects a broader industry movement toward flexible AI ecosystems where proprietary, open-weight, and locally hosted models each serve different operational needs. Rather than replacing commercial AI platforms outright, models such as GLM 5.2 provide businesses with additional options to balance performance, cost, security, and data control as enterprise AI adoption continues to evolve.
The IDE is employed by more than half of the Fortune 500. Both RCE flaws, called “DuneSlide,” were given a 9.8 CVSS score. The security bugs are tracked as CVE-2026-50548 and CVE-2026-50549.
The bugs demonstrated how prompt injection can move beyond the LLM layer and reveal classical bugs in code paths that were earlier not thought of as part of the attack surface.
A threat actor can exploit either of these bugs to overwrite critical system files (such as cursorsandbox binary), changing sandboxed comments into unsandboxed RCE and resulting in a full system hack on both the victim device and linked SaaS workspaces.
Bugs found: Cato AI Labs found two separate, critical bugs in Cursor IDE, resulting in non-sandboxed RCEs on the victim’s system.
Arbitrary file write through prompt injection: Via zero-click prompt injection, these bugs could let a threat actor use zero-click prompt injections to write arbitrary files on the target’s local system.
Escaping sandbox and RCE: If leveraged, a threat actor can jump out of the terminal sandbox and attain a full RCE and a complete device exploit.
Zero-click attack vector: The exploit doesn’t need any prior user privileges or particular interaction. It is prompted when a target makes an “makes an innocuous prompt that inadvertently ingests a threat actor-controlled payload from an untrusted source, such as an MCP server or a web search result,” Cato AI Labs reported.
The first bug surfaces from how the sandbox creates its security boundaries based on tool parameters. If a sandbox command is executed, Cursor creates a seatbelt policy that allows writing into the present working directory.
This means that a remote hacker cannot command the working directory of a sandboxed operation because coding agents are a unique part of software. But, in this bug, a prompt injection works as the passageway to that part of the code.
The second vulnerability is fully independent of the first and exists in Cursor’s file path resolution edge instances. It allows hackers to avoid beyond-limits write restrictions via symbolic links.
In most traditional software, an external hacker cannot remotely generate symlinks on the target's system. In this scenario, a prompt injection changed the Cursor agent to a bridgehead for non-trivial activities that end in a full system compromise.
Bad Epoll was discovered in the same kernel code where Anthropic’s famous AI model, Mythos, discovered another vulnerability.
The AI flagged one flaw but missed Bad Epoll. Expert Jaeyoung Chung discovered this one.
Epoll is a Linux feature that allows a program to watch various network connections and files at once. You cannot switch it off as web browsers, network services, and servers, all rely on it.
The flaw is a ‘use-after-free’ bug, where two parts of the kernel clean up the same internal object at once. One cleans the memory while the other one writes it. This small friction allows hackers to attack kernel memory, then rise upward to root.
Timing is the catch. A random attempt nearly never lands in the window where the two pathways intersect since it is just roughly six machine instructions wide. On testing platforms, Chung's attack expands that window and tries again without crashing, achieving root roughly 99% of the time.
It is more serious since, according to his account, it can be triggered from within Chrome's renderer sandbox, which prevents nearly all other kernel problems, and it can reach Android, which is not possible with other Linux privilege bugs.
Chung sent the flaw as a zer0-day to Google’s kernelCTF program, and full details can be found on his Github. There are no indications that hackers have used it in real-time. At present, an android variant of compromise exists and the only working code is the kernelCTF PoC.
These two flaws go back to a single 2023 modification to the epoll code. According to Chung, Mythos discovered the first two, now labelled as CVE-2026-43074, with an early patch in 2026.
Additionally, Anthropic said that Mythos discovered linux kernel privilege-escalation bugs, but it did not relate the findings with Bad Epoll. Finding the first one was difficult as race-condition flaws are difficult to detect. But why did the AI miss the second flaw?
Small timing window
Lack of evidence during runtime