Cybersecurity

Cortex XSOAR Vulnerability, CVSS 8.1, 8th Apr

Cortex XSOAR Vulnerability, CVSS 8.1, 8th Apr

Apache Tomcat and Tomcat Native Multiple Vulnerabilities, CVSS 7.3

CERT-Bund issued security advisory WID-SEC-2026-1038 identifying multiple vulnerabilities in Apache Tomcat and Tomcat Native with a CVSS Base Score of 7.3 (high). Affected versions include Apache Tomcat <9.0.117, <10.1.54, <11.0.21, and Tomcat Native <1.3.7, <2.0.14. An attacker can exploit these flaws to bypass security measures, manipulate data, disclose confidential information, and conduct open-redirect attacks.

EU AI Action Plan Reaches Major Milestones After One Year

European Commission releases one-year progress report on AI Continent Action Plan. EU reports 19 AI factories deployed across supercomputers with 13 regional antennas, Data Union Strategy and AI Omnibus launched to unlock data sharing and reduce compliance costs, and EU-India legal gateway office operational for ICT talent movement. Apply AI Strategy has €1 billion in funding earmarked for AI adoption across industrial and public sectors.

UFP Technologies Cybersecurity Incident Disclosure

UFP Technologies filed a Form 8-K with the SEC disclosing a cybersecurity incident pursuant to Regulation S-K Item 1.05. The disclosure notifies investors of a material cybersecurity event that has occurred at the company. As a public company, UFP Technologies is subject to SEC cybersecurity disclosure requirements that mandate timely reporting of material cybersecurity incidents.

Mysten Labs zkAt Zero-Knowledge Authenticator Patent Application

Mysten Labs, Inc. has filed USPTO Patent Application US20260100839A1 for a zero-knowledge authenticator (zkAt) system enabling policy-private authentication and oblivious updates to authentication policies. The system allows users to login to accounts while preserving the privacy of underlying authentication policies using zero-knowledge proof techniques. The application was filed on October 7, 2025, and published on April 9, 2026.

Dynamic Web Tokens for Data Lake Authentication

USPTO published patent application US20260100847A1 by inventors Johannes Alberti and Felipe Einsfeld Kersting, disclosing a system for enhancing data lake files with dynamic web tokens to support authentication and authorization. The invention introduces different types of web tokens with integrated authentication rules to improve scalability in resource systems. The application was filed on November 12, 2024, under Application No. 18944845.

Secure Microservice Architecture With Short-Lived Tokens

Secure Microservice Architecture With Short-Lived Tokens

Method and System for Cryptographic Authentication Using Portable Hardware Device for Secure Login

USPTO published patent application US20260100840A1 by inventor Diego Matute on April 9, 2026. The application discloses a method for authenticating a user to a resource via cryptographic verification between a portable hardware device and a system.

CYSEC SA Encrypted Satellite Communications, Patent US20260100832A1

USPTO published patent application US20260100832A1 assigned to CYSEC SA on April 9, 2026. The application covers encrypted satellite communications methods using hardware-based cryptographic processors and transport-layer session security. No compliance obligations are created by this publication.

Zero-Knowledge Proof Method Patent Application US20260100838A1

USPTO published patent application US20260100838A1 for a computer-implemented zero-knowledge proof method by inventor Enrique LARRAIA. The application, filed August 16, 2023 under Application No. 19114378, covers generating zero-knowledge proofs to verify knowledge of pre-image values using compression function instances across a series of nodes. The invention is classified under H04L 9/3218, H04L 9/0643, and H04L 2209/30.