EVA Tech BriefIT/DevOps

2026-05-23 - 7:30 PM PKT

Frontier LLMs

Anthropic's Project Glasswing Finds 10,000+ Critical Vulnerabilities in Major Software

Anthropic disclosed that Project Glasswing has uncovered over 10,000 high- or critical-severity vulnerabilities across systemically important software since launching last month. About 50 partner organizations are using Claude to autonomously scan codebases, marking a significant milestone in AI-powered security research.

GPUs and Silicon

Cloud and Infra

Pakistan Tech

Alibaba Launches Accio Work AI Agent Platform in Pakistan for SME Exporters

Alibaba.com launched Accio Work in Pakistan, an agentic AI business platform for small and medium exporters. The autonomous, plug-and-play system handles end-to-end business operations, from sourcing to logistics, as Pakistan's IT exports hit a record $3.8 billion in FY25.

P@SHA Demands Tax Reforms to Close Remote Worker Loophole in FY27 Budget

Pakistan Software Houses Association released policy recommendations for the Federal Budget 2026-27, demanding structural tax reforms to level the playing field between registered IT companies and remote freelancers operating outside the tax net.

Security

CISA Contractor Publishes AWS GovCloud Keys on Public GitHub, Lawmakers Demand Answers

US lawmakers in both houses of Congress are demanding answers from CISA after a contractor intentionally published AWS GovCloud keys and agency secrets on a public GitHub repo. CISA is still scrambling to contain the breach and invalidate leaked credentials.

LiteSpeed cPanel Plugin CVSS 10.0 Flaw Under Active Exploitation

A maximum-severity vulnerability (CVE-2026-48172, CVSS 10.0) in LiteSpeed's cPanel plugin is being actively exploited in the wild. The flaw allows any cPanel user to run arbitrary scripts with root privileges through incorrect privilege assignment.

Dev Tools

npm Sigstore Provenance Bypassed via Stolen Maintainer Accounts

633 malicious npm package versions passed Sigstore provenance verification after attackers compromised maintainer accounts and generated valid signing certificates. The attack highlights that provenance attestation only verifies build origin, not publisher intent - trust still depends on account security.

Laravel-Lang PHP Packages Compromised in Supply Chain Attack

Multiple PHP packages in the Laravel-Lang project were compromised to deliver a cross-platform credential-stealing framework. The affected packages (lang, http-statuses, attributes, actions) were injected with malicious code through freshly published tags.