Enterprise Technology Signals

The post contrasts AI conversations in applications with performance changes in data movement, network design, telemetry, and stable operations for agents.

MUFG Network Incident Correlation Agent correlates Splunk, SolarWinds Orion, and Cisco Nexus Dashboard to produce incident timelines and probable root causes in under 3 minutes.

The article describes Aviz Networks’ NCP Agent SDK, an on-premises, vendor-neutral platform for building AI agents that query network data, correlate context, and perform governed actions.

Mplify said AMS-IX, DE-CIX, and LINX joined to collaborate on Mplify LSO APIs for IP peering, cloud connectivity, and AI-driven traffic exchange.

OMB M-26-14 shifts federal logging from volume to value by prioritizing telemetry that supports CEM and THIRF and improves operational usability.

Microchip Technology received a BIS export license covering ECCN 3E001 and ECCN 3A001.a.7.b for Armenia-based FPGA R&D access.

Alluxio introduced a distributed caching solution for AI workloads on Oracle Cloud Infrastructure, citing sub-millisecond access and up to 1 TB/s throughput.

Cloudera announced its adoption of Apache Polaris with Apache Iceberg to support open, governed data access across hybrid and multicloud environments. The release cites data access and governance gaps, describes Polaris as an Iceberg REST catalog-based catalog, and adds a Ranger authorizer plugin for centralized security policy management.

Apache Livy became a Top-Level Project within the Apache Software Foundation, which describes Livy as a REST service for Apache Spark cluster interaction.

PCI-DSS 4.0 requires continuous proof of security controls, and the post argues packet-level evidence can cover gaps from logs and agents.

Overview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration files, and allow unauthenticated access to protected resources. An attacker could exploit these weakness to steal configuration information, induce a Denial of Service (DoS), or modify content blocking rules for student users. Description The Securly Chrome Extension is a browser add-on commonly used in K–12 school-managed Chromebooks to enforce internet safety policies, filter or block websites, and provide activity monitoring for students. It is an element of the Securly classroom management platform, which helps schools comply with web filtering requirements and safely manage student online access. CVE-2026-8874 Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch Internet Watch Foundation (IWF) and Children's Internet Protection Act (CIPA) data over HTTPS, demonstrating an inconsistent implementation of TLS. CVE-2026-8876 The Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data. CVE-2026-8878 The Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover the original hash values and access the protected data. CVE-2026-8879 The Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately hides all page content, creates a full-page overlay, pauses all videos, and only restores content when the service worker confirms the page passes filtering. If Securly's servers are unreachable, pages remain indefinitely hidden. CVE-2026-8881 The Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching. This weak derivation method significantly reduces the effective security of the encryption, making the protected data vulnerable to efficient offline cracking. CVE-2026-8888 The Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in denial of service on all browsing. CVE-2026-8889 The Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). Impact These vulnerabilities collectively enable multiple attack paths and threaten the security and privacy of student users, for which the extension may be academically mandatory. The HTTP configuration downloads (CVE‑2026‑8874, CVE‑2026‑8888) and weak cryptographic primitives (CVE‑2026‑8876, CVE‑2026‑8881, CVE‑2026‑8889) allow a network‑adjacent attacker to intercept, modify, or decrypt data related to keyword filtering. The presence of unauthenticated, publicly accessible endpoints with trivially reversible obfuscation (CVE‑2026‑8878) further exposes internal keyword lists, blocklists, and rule definitions. These weaknesses enable the reconstruction and manipulation of the extension’s filtering logic. For student users, this could result in exposure to content that the filtering system is intended to block, or the inappropriate blocking of legitimate educational resources. Additionally, the undeclared, dynamically‑registered content script (CVE‑2026‑8879) can be abused to fully obscure web pages, leading to DoS conditions for end users. Solution Unfortunately, Securly could not be reached for coordination of these vulnerabilities. Until a patch is available, administrators can lower their potential exposure by restricting usage of the extension on untrusted or public networks, installing school-managed VPNs on the underlying devices, and monitoring for unexpected or abnormal filtering behavior. Acknowledgements Thanks to the reporter Santh for discovering and researching these vulnerabilities. This document was written by Molly Jaconski.

After attending Cisco Live 2026, Sameh Boujelbene examines how Cisco is extending AI from the data center across enterprise infrastructure. Explore: The post Cisco Live 2026: Cisco’s AI Strategy Moves Beyond the Data Center appeared first on Dell'Oro Group.

Cloudera announced Sol Rashidi as keynote for its EVOLVE26 conference series. The program targets moving AI from pilots to production across hybrid and multi-cloud environments, with sessions on governance, sovereign cloud deployment, agentic AI, and technical tracks for data and AI practitioners.

Infoblox IQ combines agentic actions, a natural language assistant, and an MCP Server to triage alerts and support remediation.

Nord Security Impact Report said it reached 100% renewable electricity in 2025 and expanded nonprofit product donations and training.

Aptean named Yama Habibzai Chief Marketing Officer as it deepened AI capabilities and scaled global presence in manufacturing and distribution markets.

HIPAA monitoring needs continuous packet-level visibility to prove PHI movement, encryption, access, and third-party interactions.

SEALSQ invested as a lead investor in Quobly’s €130M Series A via its Quantum Fund, supporting silicon quantum industrialization.

Astera Labs expanded its Taiwan operations and Cloud-Scale Interop Lab with partners for AI system validation and integration.

Netskope said it joined Anthropic’s Project Glasswing, using Mythos Preview to find code vulnerabilities and share findings.