Skip to main content

Cybersecurity

General cybersecurity news and analysis

IT staff inspect equipment in a brightly-lit, modern enterprise data center.

SAP Patches Critical Flaws in NetWeaver and Commerce Cloud

SAP has patched 15 vulnerabilities, including four critical flaws in NetWeaver and Commerce Cloud, to safeguard its core application platform and e-commerce solutions from potential threats. These critical fixes aim to protect businesses from severe security breaches.

Analyst 207
Dimly lit server room with a single brightly lit computer terminal in the foreground.

Veeam Patches Backup Flaw That Enables Remote Code Execution

Veeam has urgently patched a critical backup flaw, CVE-2026-44963, that allowed remote code execution with just domain user credentials, scoring a severe 9.4 out of 10 in severity. The update to version 12.3.2.4854 fixes this vulnerability, preventing attackers from running malicious code on the Backup Server.

Analyst 207
Windows 10 laptop on a desk showing a Windows Update settings page with a progress bar.

Microsoft Bolsters Windows 10 with Extended Security Update

Microsoft just dropped a vital update for Windows 10 users, packed with critical security fixes, including patches for 200 vulnerabilities and three zero-day flaws. If you're running Windows 10 Enterprise LTSC or are part of the Extended Security Updates program, you can easily grab the update by checking for new updates in your Windows Update settings.

Analyst 207
Technicians monitor sections of an industrial control room with scattered stations and a large window showing an industrial…

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity

Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room.

Microsoft Patch Tuesday Discloses 3 Zero-Day Flaws Amid 200 Security Fixes

Microsoft just dropped its June Patch Tuesday update, tackling a whopping 200 security flaws, including three zero-day vulnerabilities that need urgent attention. This massive release is a must-address for all organizations running Microsoft software.

Analyst 207
Laptop screen displays Windows Update progress bar on neutral background.

Microsoft Releases June 2026 Patch Tuesday Updates for Windows 11

Stay ahead of security threats with the latest Windows 11 updates, as Microsoft releases its June 2026 Patch Tuesday updates to fix several vulnerabilities and keep your system protected. Simply head to Settings > Windows Update to install the update and ensure your device is secure.

Analyst 207
Smartphone screen displays password manager interface on a clean desk background.

Apple iOS Overhauls Password Security with One-Tap Change Feature

Apple's latest iOS update is revolutionizing password security with a game-changing feature that lets you change compromised passwords with just one tap, giving you a stronger defense against online threats. Say goodbye to password stress and hello to enhanced protection with iOS's cutting-edge update.

Analyst 207
Minimalist lab setting with laptop, coding tools, and monitor displaying lines of code.

Anthropic's Mythos Preview Bolsters Vulnerability Discovery

Anthropic's Mythos Preview is delivering impressive results in vulnerability discovery, with one tester saying it's the closest thing yet to a straightforward find-something solution. Early trials show Mythos Preview excelling in source-code audits and tackling complex tasks like native-code and reverse-engineering workflows.

Analyst 207
Software engineer working with AI coding tools at a desk with multiple laptops and notes.

AI Coding Adoption Outpaces Governance, Raises Security Risks

The rapid adoption of AI coding tools has outpaced governance, with 97% of teams using AI assistants, but only 30% having a fully governed approach to oversight, leaving a significant security risk gap. This disconnect raises concerns about where risks are accumulating and how work is getting done.

Analyst 207
CISO or developer surrounded by screens and code, showing concern and frustration in a dimly lit office with blurred…

CISOs Face Pressure to Deploy Vulnerable Code

The harsh reality is that 95% of CISOs face pressure to downplay or delay reporting security issues, leading to a staggering 75% of organizations deploying vulnerable code into production environments. It's a precarious situation that demands a new approach to prioritize security without sacrificing business goals.

Analyst 207
Rack-mounted backup server in a data center with front panel facing forward.

Veeam Vulnerability Enables RCE Attacks on Backup Servers

A newly discovered vulnerability in Veeam Backup & Replication could allow an authenticated domain user to launch a remote code execution attack on your backup server - a critical target for hackers. Patch now to protect your data: update to version 12.3.2.4854 or later to fix the flaw.

Analyst 207
Rows of rack-mounted servers with a network administrator in the background.

phpBB Flaw Enables Instant Account Takeover

A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Analyst 207
Person holds smartphone with blurred screen, showing concern in a neutral room with a subtle hint of a world globe in the…

Signal Warns UK Plan to Scan Devices for Nude Images Threatens Global Surveillance

Signal is sounding the alarm on the UK's plan to scan devices for nude images, warning that it threatens global surveillance and undermines the trust that underpins private communications. The encrypted messaging platform is urging caution, saying the proposed mechanism is not only ineffective in keeping children safe, but also dangerously dystopian.

Analyst 207
Technician inspects network infrastructure, highlighting hidden gaps in security tools.

Security Teams Grapple with Hidden Risk in Network Tool Gaps

Despite having unparalleled visibility, many organizations are struggling with a hidden risk - the manual, time-consuming, and error-prone work that happens between their network security tools, from alert validation to change implementation. This operational gap is where security teams lose efficiency and invite vulnerabilities.

Analyst 207
Laptop on a desk with blurred webpage on screen, surrounded by office items.

FROST Attack Exploits SSD Timing to Track User Activity

Imagine a sneaky new technique that lets hackers track your online activity from afar, using just a web page and the timing of your SSD reads - no need to be physically on your device. This clever exploit, dubbed FROST, turns browser storage into a timing spy, revealing your browsing habits and even which native apps you open.

Analyst 207
Employees with laptops and tablets gather in a large, empty office lobby or reception area.

JLR CISO Mandates In-Person Password Resets After Cyber-Attack

After a cyber-attack, JLR's CISO Ashish Shrestha took swift action, mandating an enterprise-wide, in-person password reset for all 30,000 staff to swiftly validate the security of their Microsoft 365 system. This bold move was his top priority to prevent further communication compromise.

Analyst 207
Security researcher working on laptop in lab setting with notes in background.

Zcash Vulnerability Exposes Risk of Fraudulent Transactions

A critical vulnerability in Zcash's Orchard privacy pool was discovered by security researcher Taylor Hornby, exposing a risk of fraudulent transactions and highlighting the importance of rigorous testing and review. The swift discovery was made possible by a commissioned review, underscoring the value of proactive security measures.

Analyst 207
Military personnel interact with computer workstations and large screens in a high-tech operations room.

Defense Teams Face AI-Driven Data Protection Challenges

The explosive growth of AI in the Department of Defense - a 1,775% surge in just one year - is putting intense pressure on defense teams to safeguard sensitive mission data. As AI empowers warfighters to make faster, more precise decisions, the challenge of protecting data at rest has never been more urgent.

Analyst 207
Apple conference setting with presenter at podium, large screen displaying password manager interface in background.

Apple Unveils AI-Powered Tool to Automatically Secure Compromised Passwords

Say goodbye to password anxiety with Apple's latest innovation - an AI-powered tool that automatically secures compromised passwords, giving you peace of mind with just a few clicks. This game-changing feature, part of Apple Intelligence, uses AI to update weak and vulnerable credentials to strong, unguessable passwords.

Analyst 207
Linux workstation in a modern office setting with natural lighting.

Linux Flaw Enables Rapid Local Root Access Escalation

A single-character logic error in Linux's nf_tables code, known as CVE-2026-23111, can quickly turn an unprivileged local account into a powerful root account, allowing for container escape - and publicly available exploit code makes it a pressing concern. This vulnerability has already been patched, but its public exposure puts Linux users at risk.

Analyst 207
Modern server equipment in a well-lit network operations room with a city view.

UniFi OS Bug Lets Hackers Gain Root Without Authentication

A critical bug in UniFi OS can be exploited by hackers to gain root access without any login credentials, user interaction, or prior access, putting your system at risk. Three vulnerabilities, now patched, can be chained together to allow remote code execution with root privileges.

Analyst 207
Dimly lit network operations center with a single laptop screen displaying a VPN connection interface.

Check Point VPN Flaw Exposed, Bypasses Passwords in IKEv1 Setups

A critical flaw in Check Point VPN setups has been exposed, allowing attackers to bypass passwords and establish a VPN session without proper authentication in certain configurations. This vulnerability, tracked as CVE-2026-50751, impacts Remote Access VPN and Mobile Access deployments using the outdated IKEv1 protocol.

Analyst 207
Person working on laptop with cityscape in background, hands poised over keyboard.

OpenAI Bolsters ChatGPT Security With New Controls

OpenAI has introduced Lockdown Mode for ChatGPT, a game-changing security control that limits the model's access to the web and external services, giving users and organizations handling sensitive data an added layer of protection. This new feature is now available to personal and self-serve business accounts, following its initial rollout for enterprise plans in February.

Analyst 207
Security analysts work at a large workstation surrounded by screens displaying data visualizations and threat maps.

Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis

Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.

Analyst 207