Skip to main content

Cybersecurity

General cybersecurity news and analysis

Windows 10 laptop screen on a neutral surface with a blurred office background.

Microsoft Bolsters Windows 10 Security with KB5099539 Update

Microsoft just released a major security update for Windows 10, packed with fixes for a whopping 570 vulnerabilities, including some that were already being exploited by hackers. The KB5099539 update is a crucial security boost for Windows 10 users, with no new features but essential bug fixes and protection.

Analyst 207
Windows 11 laptop on a clean surface with update settings on screen.

Microsoft Releases Mandatory Windows 11 Updates to Fix 571 Vulnerabilities

Microsoft is rolling out mandatory Windows 11 updates to fix a whopping 571 security vulnerabilities discovered in previous months. To get the fixes, simply head to Settings > Windows Update and click Check for Updates.

Analyst 207
Laptop screen with blurred background displays patch management system interface.

Microsoft Patch Tuesday Disrupts 570 Flaws, Fixes 3 Zero-Days

Microsoft just dropped a massive Patch Tuesday update, tackling a record-breaking 570 security flaws, including three zero-day vulnerabilities that hackers were exploiting or had publicly disclosed. This critical update is a must-apply to keep your systems safe.

Analyst 207
Law enforcement officer stands by podium with laptop in briefing room.

UK Man Jailed for Inciting Swatting Attacks Globally

A Welsh man has been jailed for encouraging swatting attacks worldwide, a stark reminder that this so-called prank can have deadly consequences. Callum Dare, 26, played a key role in a dark web forum, fueling a campaign of harassment and terror that spanned three countries.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit data center with a single server prominently displayed…

RabbitMQ Flaws Expose OAuth Secrets, Cross-Tenant Data

Critical flaws in RabbitMQ, known as CVE-2026-57219, can expose sensitive OAuth secrets to attackers in just one request, putting your messaging infrastructure at risk of a full takeover. Two newly disclosed access-control flaws threaten OAuth client secrets and cross-tenant isolation, affecting RabbitMQ releases from 3.13.0 and later.

Analyst 207
Modern security operations center with people working in background, focusing on futuristic cybersecurity workstation.

Pentera Injects Validation into AI-Driven Security Workflows

Pentera is revolutionizing AI-driven security by injecting validation into workflows, empowering teams to turn disconnected risk signals into decisive action against real attack paths. By safely emulating attacker techniques, Pentera provides the evidence needed to transform guesswork into effective security measures.

Analyst 207
Person sitting at desk with laptop and crypto wallet interface surrounded by multiple monitors in a university setting.

Crypto Wallets Expose Users to Cross-Site Tracking Risks

Researchers at KU Leuven have uncovered a concerning vulnerability in popular crypto wallets, finding that they can leak user data, allowing for cross-site tracking and linking of separate addresses. This issue affects around 35 million users of 85 widely-used browser-extension wallets.

Analyst 207
Security analysts work amidst a chaotic atmosphere in a brightly-lit operations center.

Vulnerability Management Lagging Behind AI-Driven Exploit Boom

The threat landscape is evolving at breakneck speed, with a new vulnerability emerging every 7.4 minutes and AI-driven tools slashing the time it takes to turn these vulnerabilities into active threats. As a result, traditional vulnerability management strategies are struggling to keep pace with the sheer volume and velocity of attacks.

Analyst 207
Motherboard components and UEFI firmware chip in a well-lit lab setting.

Microsoft-Signed Linux UEFI Shims Expose Secure Boot Bypass Risk

A newly discovered vulnerability in 11 Microsoft-signed Linux UEFI shims could allow hackers to bypass Secure Boot and deploy malicious code during system startup, putting your device at risk of infection with UEFI bootkits or other malware. This security flaw enables attackers to execute untrusted code during boot, making it a critical threat to your system's security.

Analyst 207
Dimly lit server room with exposed cables and a hint of data deletion.

Musk Vows Data Purge After Grok Exposes User Repos

Elon Musk has vowed to wipe out all user data uploaded to SpaceXAI, following a shocking discovery that the company's AI tool, Grok Build, was secretly sending entire repositories, complete with full Git history and raw files, to a Google Cloud Storage bucket. The purge promises a clean slate, with Musk assuring that zero data will remain.

Analyst 207
Person holding smartphone with biometric authentication, in modern office setting.

Microsoft Entra ID Shifts to Passkey Authentication Default

Microsoft is shaking things up with its Entra ID service by making passkey authentication the default method starting September 2026, and users currently relying on SMS or voice authentication will be automatically transitioned to passkeys. By February 1, 2027, SMS and voice authentication will be phased out, marking a significant shift towards more secure passkey technology.

Analyst 207
SAP headquarters building exterior with people walking in and out, surrounded by greenery.

SAP Patches Critical Flaws in NetWeaver, Commerce Cloud

SAP has patched critical flaws in its NetWeaver and Commerce Cloud products, including a vulnerability in NetWeaver Application Server ABAP that allows authenticated attackers to cause memory corruption, potentially leading to data breaches or system downtime. This fix is part of SAP's July 2026 security package, which addresses 16 vulnerabilities across multiple products.

Analyst 207
Brightly-lit server room with multiple computer workstations symbolizing identity security risks.

NSA, CISA Warn Federal Agencies of Identity Security Risks

The NSA and CISA are sounding the alarm: identity security risks are now the frontline in federal cybersecurity, with Active Directory and Entra ID being prime targets for cyber attackers. Recent incidents show that nearly 75% of major federal cyber breaches in the last five years involved compromised identities.

Analyst 207
Microsoft Overhauls Windows Search to Prioritize Relevant Results

Microsoft Overhauls Windows Search to Prioritize Relevant Results

Get ready for a faster, more intuitive Windows Search experience! Microsoft has overhauled its search function to deliver more relevant results, making it easier to find what you need, whether you're launching an app, locating a file, or adjusting settings.

Analyst 207
Laptop and external hard drive on a desk with a blurred cloud storage interface nearby, indicating potential data exposure.

Grok Build Exposes Git Repositories to Unintended Storage

Elon Musk has made a bold promise to erase all user data uploaded to Grok Build before now, assuring users that their content will be completely deleted. This move comes after a researcher discovered that Grok Build was inadvertently storing entire Git repositories, including sensitive files and commit history, in a Google Cloud Storage bucket.

Analyst 207
Browser extension icon on a computer screen with a blurred history page in the background on a clean office workspace.

Google and Microsoft Remove ModHeader Extension Exposing Dormant Browsing History Collector

A shocking discovery was made about the popular ModHeader extension, used by 1.6 million Chrome and Edge users, which contained a hidden browsing history collector that thankfully remained dormant. Fortunately, both Google and Microsoft swiftly removed the extension from their stores after it was uncovered.

Analyst 207
People stand on a beach with a subtle network infrastructure pattern in the background.

Varonis Launches Breach at the Beach, a Hands-On Entra ID Training Experience

Get ready to dive into the world of Entra ID with Varonis' immersive Breach at the Beach training experience, where you'll learn to navigate the complex control plane that connects users, applications, and AI-powered workflows. Discover how to defend against threats that exploit non-human identities and automate breaches.

Analyst 207
Person speaking into smartphone in quiet, neutral-colored room with soft daylight.

Meta's AI Patent Tracks Emotions Through Voice, Biometrics

Meta just filed a patent for an AI system that can track emotions through voice and biometric data, potentially allowing for continuous emotional analysis throughout the day. This innovative technology could revolutionize the way we interact with devices, making it possible for them to respond to our emotional needs.

Analyst 207
Cluttered software development workspace with laptop and monitor on a desk.

AI-Generated Code Exposes Governance Gaps in Security Debt

AI-generated code is being produced at alarming rates, but with a catch: nearly half of it contains security flaws, highlighting a pressing need for new approaches to managing security debt. As software creation accelerates, companies must adapt their security strategies to keep pace with the rapid accumulation of vulnerabilities.

Analyst 207
Government building with a stylized network pattern in the foreground, symbolizing cybersecurity regulation.

Australia Urged to Empower ACSC as Cybersecurity Regulator

As cyber threats increasingly put Australia's critical infrastructure, economy, and national resilience at risk, the country faces a critical choice: rely on voluntary measures or establish a robust cybersecurity regulator with the power to enforce minimum standards and hold organizations accountable. Empowering the Australian Cyber Security Centre (ACSC) as a formal regulator could be the key to bolstering the nation's cyber defenses.

Analyst 207
Cluttered workspace with computer, papers, and plant, in a university setting with code on the screen.

Ghostcommit Exposes AI Code Reviewers to Secret Theft via Image Steganography

Researchers have uncovered a sneaky way to steal secrets from AI code reviewers using image steganography, as demonstrated in a proof-of-concept on GitHub. This Ghostcommit technique hides malicious instructions inside PNG images, exploiting a gap in the review process.

Analyst 207
Laptop screen shows brightly-lit email inbox with subtle hint of security threat.

Zimbra Warns of Stored XSS Flaw in Classic Web Client

Zimbra is urging customers to update their Classic Web Client immediately due to a critical vulnerability that could allow hackers to access sensitive mailbox information and execute malicious code via specially crafted emails. Installing the update, specifically upgrading to Zimbra Collaboration Suite version 10.1.19, will help protect against this threat.

Analyst 207
Cybersecurity team works in operations center with daylight and system dashboard.

CISA Bolsters Protections After Major Credential Leak

CISA swiftly sprang into action after discovering a major credential leak on May 15, taking swift and decisive steps to halt the breach and prevent further damage. By sharing their incident response experience, CISA aims to help other organizations bolster their defenses and avoid similar security mishaps.

Analyst 207
Close-up of a circuit board with microcontroller and components, in a laboratory setting with a laptop in the background.

U-Boot Flaws Expose Devices to Stealthy Firmware Attacks

Researchers uncovered six critical vulnerabilities in U-Boot's firmware signature verification code, leaving devices open to stealthy attacks that can execute malicious code at startup. These flaws, ranging from denial of service to arbitrary code execution, highlight a major security risk that needs to be addressed.

Analyst 207