Daily Digest

AI, ISO & Cyber News — 8 July 2026

·14 stories

Agentic AI dominates today's digest from both directions: Google expanded managed agents in the Gemini API while researchers showed a plain public GitHub issue can make agentic workflows leak private repositories. On the defensive side, a fifteen-year-old Linux kernel flaw grants root on unpatched machines, CISA flagged four actively exploited vulnerabilities, and the Five Eyes agencies jointly warned about AI models that can hack autonomously. Fresh ISO certifications round out the day. Each story is summarized in our own words with a link to the original reporting.

AI

Google expands managed agents in the Gemini API

Google announced new capabilities for Managed Agents in the Gemini API, including background tasks and remote MCP support, aimed at letting developers build reliable, production-ready agents.

Source: Google Blog

Meta ships Muse Image, the first model from its Superintelligence Labs

Meta launched Muse Image, the first AI image generation model built by its Superintelligence Labs division, The Verge reports. The model now powers image tools across the Meta AI app, Instagram, and WhatsApp, is coming to Facebook and Messenger, and can pull other Instagram users into AI-generated photos.

Source: The Verge

Anthropic brings Claude Cowork to mobile and web

Anthropic's Claude Cowork platform is available on mobile and web for the first time, The Verge reports. The expanded access is rolling out first to Max subscribers, with users on other plans to follow in the coming weeks.

Source: The Verge

ISO Standards

Incap's Karlsfeld factory earns ISO/IEC 27001:2022 certification

Electronics manufacturer Incap has achieved ISO/IEC 27001:2022 certification for its Karlsfeld factory in Germany, per I-Connect007. Certification against the standard signals an independently audited information security management system covering the site's operations.

Source: I-Connect007

Security, privacy, and AI governance converge on information risk

An ITWeb analysis examines connecting security, privacy, and AI governance to reduce information risk — an integration challenge more organizations face as their management systems for information security, privacy, and artificial intelligence converge.

Source: ITWeb

IT Governance

Report: hybrid IT now dominates enterprise architecture

A new State of the Data Center report finds that hybrid IT now dominates enterprise architecture, with colocation anchoring critical workloads, according to Business Wire.

Source: Business Wire

New standard planned for patient-controlled health records

The Digital Governance Standards Institute is planning a new standard covering patient-controlled health records, Lexpert reports — a governance question that sits at the intersection of health data, consent, and digital identity.

Source: Lexpert

Cybersecurity

GhostLock: 15-year-old Linux kernel flaw gives any user root

Researchers at Nebula Security disclosed GhostLock (CVE-2026-43499), a fifteen-year-old Linux kernel flaw that lets any logged-in user take full root control of an unpatched machine and escape containers, The Hacker News reports. The vulnerable code has shipped by default in essentially every mainstream distribution since 2011.

Source: The Hacker News

CISA adds four actively exploited flaws to the KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency added four vulnerabilities affecting Adobe, Joomla, and Langflow to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation, The Hacker News reports. Among them is CVE-2026-48282, a path traversal flaw carrying a maximum CVSS score of 10.0.

Source: The Hacker News

A public GitHub issue can make agentic workflows leak private repos

Researchers at Noma Security showed that a normal-looking issue opened on a public repository can trick GitHub Agentic Workflows into leaking the contents of an organization's private repositories, The Hacker News reports. The attack requires no stolen credentials and no prior access to the organization.

Source: The Hacker News

Five Eyes agencies warn about AI models that hack autonomously

National security agencies from the Five Eyes alliance jointly released a statement warning of increasing cyber risks from AI models — in particular their ability to autonomously hack into systems and networks — as discussed by Bruce Schneier.

Source: Schneier on Security

Privacy

Europol denies bypassing EU data protection rules

Europol has denied bypassing EU data protection rules, according to Digital Watch Observatory — pushback that lands amid continuing scrutiny of how EU agencies process personal data.

Source: Digital Watch Observatory

Analysis questions whether Bangladesh's data protection law can deliver

An Asia News Network analysis argues that Bangladesh's new data protection law may fail to protect personal data — a reminder that passing a privacy statute and building enforceable protection are different problems.

Source: Asia News Network

Quality

Tunisia's BH lands a third consecutive ISO 9001 certification

Tunisian bank BH has secured its third consecutive ISO 9001 certification covering its international operations, African Manager reports. Repeated recertification indicates a quality management system that has held up across successive independent audit cycles.

Source: African Manager

Frequently Asked Questions

What is the GhostLock Linux vulnerability?

GhostLock (CVE-2026-43499) is a fifteen-year-old Linux kernel flaw disclosed by Nebula Security that lets any logged-in user take full root control of an unpatched machine, and also enables container escape. Because the vulnerable code has shipped by default in essentially every mainstream distribution since 2011, patching broadly and quickly is the priority.

What does it mean when CISA adds a flaw to the KEV catalog?

The Known Exploited Vulnerabilities catalog lists flaws with evidence of active exploitation in the wild. U.S. federal civilian agencies are required to remediate KEV entries by set deadlines, and many private organizations use the catalog as a prioritization signal for their own patching.

Why are attacks on AI agents like GitHub Agentic Workflows significant?

They show that agentic systems can be compromised through the content they read — a normal-looking public issue, not stolen credentials. As organizations wire AI agents into repositories, inboxes, and internal tools, every piece of untrusted input the agent processes becomes part of the attack surface.

Explore Courses on Udemy

Intermediate

Agentic Design Patterns

Intermediate

Building Effective Agentic Systems with Generative AI

Intermediate

Generative AI for Leaders

Intermediate

Cybersecurity Defense with GenAI

Intermediate

Risks and Cybersecurity in Generative AI

Intermediate

Securing GenAI Systems

Intermediate

ISO/IEC 42001: Artificial Intelligence Management System

Intermediate

OWASP Top 10 for LLM Applications – 2025 Edition

Intermediate

Implement Vulnerability Management Step by Step

Intermediate

Agile Enterprise Architecture

Intermediate

Implement Enterprise Architecture Step by Step

Intermediate

Implement GDPR Step by Step with Templates

Intermediate

ISO/IEC 27701: Implement Privacy Management Step by Step

Advanced

ISO 9001:2015 Lead Auditor

Intermediate

ISO 9001:2015 Implementation Step by Step With Templates

Intermediate

ISO 27001 Certification Process — A Step-by-Step Guide

Intermediate

ISO 27001:2022 Implementation Step by Step with Templates

Summaries are written by Standarity from publicly reported news; each item links to its original source. Facts belong to the linked publishers. Something off? Let us know.