Skip to main content

Cybersecurity

General cybersecurity news and analysis

Technician in server room checking a blurred screen with daylight through large windows.

Microsoft Resolves BitLocker Recovery Bug in Windows Server 2025 Update

Microsoft has fixed a frustrating bug in the April 2026 security update for Windows Server 2025 that could have forced devices into BitLocker recovery mode, and the solution is now available in two cumulative updates, KB5094125 and KB5093998. This fix ensures a smoother experience for users by preventing unexpected BitLocker recovery key prompts.

Analyst 207
Office scene with computer and spreadsheet, natural light through window.

CEO's Password Practice Exposes Firm to Breach Risk

A CEO's outdated password policy left his 2,000-strong company vulnerable to a potential data breach, after he stored all employee usernames and passwords in a single Excel spreadsheet on his desktop. This alarming security risk was only resolved after months of persistence, when the IT team proved they could manage messages centrally without needing everyone's login details.

Analyst 207
A clean and organized technology workspace with a laptop and development tools on a desk.

GitHub Disrupts Supply Chain Attacks by Blocking npm Install Scripts

GitHub is taking a bold step to safeguard the npm ecosystem by blocking install scripts from running by default, tackling the single largest code-execution surface in the ecosystem. This move, part of npm 12's release, aims to prevent supply chain attacks by requiring explicit permission for scripts to run.

Analyst 207
Federal cybersecurity team in a bright, secure operations center with a large window.

CISA Overhauls Vulnerability Patching with Smarter Prioritization Directive

The Cybersecurity and Infrastructure Security Agency (CISA) has rolled out a game-changing directive that revolutionizes vulnerability patching with a smarter approach to prioritization, empowering federal agencies to tackle fixes more efficiently. By introducing clear guidelines and timelines, CISA is helping agencies focus on the most critical patches first, based on criteria like exposure, exploitability, and real-world threat activity.

Analyst 207
Developer workspace with laptop, terminal, and notes, hinting at software installation.

GitHub Bolsters npm Security to Thwart Supply-Chain Attacks

GitHub's upcoming npm v12 update is a game-changer for supply-chain security, as it will require explicit approval for automated actions like install scripts and dependency resolution that are often exploited by attackers. This move aims to shut down common code-execution paths and give developers, CI/CD pipelines, and security teams greater control over their code.

Analyst 207
Office worker sits at desk with laptop, surrounded by papers, with a concerned expression.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software

Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

Analyst 207
Laptop screen on a neutral surface in a bright, clean tech facility setting.

Fortinet, Ivanti, SAP Patch Critical Vulnerabilities

This week, Fortinet, Ivanti, and SAP issued urgent patch rollouts to fix critical vulnerabilities that could allow hackers to execute remote code or gain unauthorized access to sensitive systems. The flaws, affecting sandboxing infrastructure, mobile gateway software, and core enterprise apps, carry high severity scores and demand immediate attention.

Analyst 207
Developer workstation with laptop, notes, and coding books under indoor lighting.

GitHub Overhauls npm Defaults to Thwart Script-Based Attacks

GitHub is taking a major step to boost npm security by changing its default settings to block automatic execution of install-time lifecycle scripts, a common vulnerability exploited in script-based attacks. Starting with npm 12, these scripts will require explicit permission to run, unless explicitly allowed via a new allowlist mechanism.

Analyst 207
Windows Update screen on laptop shows stalled progress bar and error message in brightly-lit home office setting.

Microsoft Warns of Windows Update Failures After 11 Upgrades

Beware: if you've upgraded to the latest Windows 11 versions, you might be at risk of update failures, with error codes 0x80073712 or 0x800f0993 popping up when trying to install crucial security patches. Microsoft warns that a small percentage of devices are affected, so it's essential to check your update history and logs to catch any issues.

Analyst 207
Technicians in a server room focus on equipment with a monitor nearby.

Ivanti Warns of Critical Bugs in Sentry Software, Urges Immediate Patching

Ivanti is urging Sentry customers to patch immediately due to critical bugs affecting versions 10.0 and 9.9, and it's crucial to act now to avoid potential security risks. Don't delay - apply the necessary patches to keep your system secure.

Analyst 207
Rows of computers in a bright, clean room symbolize vulnerability management and patching.

Microsoft Patch Tuesday Disrupts 206 Vulnerabilities, Including Zero-Days

Microsoft just dropped a massive Patch Tuesday update, fixing a record 206 security vulnerabilities in its software - including three already publicly known flaws - to keep your digital world safe and secure. This critical update tackles a wide range of threats, from remote code execution and privilege escalation to spoofing and more.

Analyst 207
Person sits at cluttered desk with concerned expression, surrounded by papers and laptop.

Identity Crime Incidents Multiply for Victims, ITRC Data Reveals

The alarming rise in identity crime incidents is not just about the numbers, but also the disturbing pattern of recurrence, with nearly 26% of victims experiencing multiple concurrent incidents, according to the Identity Theft Resource Center's 2026 Trends in Identity Report. This growing multi-layered crisis sees single compromises snowballing into additional incidents across accounts and institutions.

Analyst 207
Windows computer setup on an office desk with a blank laptop screen and generic desktop background.

Microsoft Fixes Zero-Days in June Patch Tuesday Update

Microsoft just dropped some critical patches in its June update, fixing three zero-day vulnerabilities that left Windows systems open to attacks - and one security researcher isn't happy about the delayed fix. The update squashes bugs that allowed hackers to escalate privileges or bypass disk encryption.

Analyst 207
Person stands before large screen displaying complex network diagram for risk assessment.

CISA Directive Overhauls Cyber Risk Prioritization Across Agencies

The Cybersecurity and Infrastructure Security Agency is shaking up its approach to cyber risk with a new directive that prioritizes impact over raw vulnerability counts, helping agencies focus on protecting what matters most. Acting director Nick Andersen urges a pragmatic approach, acknowledging that some systems are more critical than others.

Analyst 207
Software development workspace with laptop, notes, and diagrams on a wall or board.

Anthropic's Vulnerability Tool Yields Mixed Results

Anthropic's Project Glasswing, launched in April, aimed to empower companies to detect and fix software vulnerabilities using its innovative Mythos model, but the results have been mixed. The initiative has generated significant buzz, with many outlets picking up Anthropic's messaging, but the actual impact remains to be seen.

Analyst 207
Brightly-lit lab with computer workstations and equipment, large screen displays abstract code representation.

Microsoft Unveils Record 200 Patches, Warns of Rising AI-Driven Flaws

Microsoft just dropped a record 200 security patches to fix critical flaws in Windows and supported software, with nearly three dozen vulnerabilities rated as critical and at least three already being exploited by hackers. This massive update signals a new normal in vulnerability disclosure, with AI-driven flaws on the rise.

Analyst 207
Close-up of a GPS satellite dish pointing towards the sky with signal transmission lines and technical equipment in the…

Military GPS Broadcasts Conceal Encryption Keys

For nearly two decades, the US military has been secretly broadcasting encryption codes through public GPS signals, turning satellites into hidden messengers that beam mysterious information to any device that uses GPS. This covert operation was uncovered by researchers, led by Steven Murdoch, who stumbled upon a digital trail that revealed the surprising truth.

Analyst 207
Rows of servers and storage systems in a cloud data center or server room.

Attackers Target Cloud Logging Services for Defense Evasion and Continuous Visibility

Cloud logging services, like AWS CloudTrail and Google Cloud Logging, are a treasure trove of insights into your cloud environment - but they're also a prime target for attackers looking to erase their tracks or gain continuous visibility into your operations. By manipulating these services, adversaries can create persistent blind spots that leave you vulnerable.

Analyst 207
Security team monitors display system health and vulnerability management dashboards in a bright tech operations room.

Microsoft Patch Tuesday Disrupts 200 Vulnerabilities, Zero-Day Exploits

Microsoft's June Patch Tuesday update is a doozy, tackling a whopping 200 vulnerabilities, including three zero-day exploits and 33 critical flaws that could lead to remote code execution. This crucial update aims to prevent a range of issues, from denial-of-service attacks to elevation of privilege and information disclosure.

Analyst 207
Node.js application running on a laptop in a developer's workspace with daylight in the background.

Protobuf.js Vulnerabilities Expose Node.js Apps to Code Execution, DoS

A single malicious protobuf schema could be all it takes to trigger crashes, corrupt runtimes, or even execute code in vulnerable Node.js apps, warns Cyera security researcher Assaf Morag. Six newly identified vulnerabilities in protobuf.js, known as Proto6, carry high severity scores and could put your app at risk.

Analyst 207
Well-organized tech workspace with personnel working at computer workstations.

Microsoft Patch Tuesday Release Sets Record with 206 CVEs Addressed

Microsoft just dropped a record-breaking Patch Tuesday update, fixing a whopping 206 vulnerabilities across its products - including 38 critical ones. This massive release surpasses previous months and confirms a trend towards larger updates, raising both relief and concern among security experts.

Analyst 207
Federal officials gather around a conference table with screens displaying risk assessment data and charts.

CISA Overhauls Risk Prioritization Approach for Federal Agencies, Private Sector

CISA is shaking up its approach to risk prioritization, urging a smarter strategy for applying patches and tackling vulnerabilities. Acting director Nick Andersen emphasizes the need to focus on what matters most, rather than rushing to apply every patch as soon as it's released.

Analyst 207
Technology company's workspace with multiple workstations and screens, laptop screen blurred in foreground.

Microsoft Patch Tuesday Update Sets Record with 206 Vulnerabilities Fixed

Microsoft just dropped a record-breaking Patch Tuesday update, fixing a staggering 206 vulnerabilities in a single swoop - a move that's both impressive and concerning. This massive update is part of a larger trend, with nearly half of this year's patches containing triple-digit numbers of fixes.

Analyst 207
Laptop on office desk with smartphone and notepad, in front of blurred window background.

AI Agents Vulnerable to Phishing Attacks, Expose Sensitive Data

Researchers put an AI agent named Pinchy to the test with classic phishing simulations, and the results were alarming: sometimes it fell for the bait, spilling sensitive data, and other times it successfully blocked the attacks. The experiment revealed a stark vulnerability - AI agents can be tricked into exposing confidential information.

Analyst 207