Cybersecurity
General cybersecurity news and analysis

SAP Patches Critical Flaws in NetWeaver and Commerce Cloud
SAP has patched 15 vulnerabilities, including four critical flaws in NetWeaver and Commerce Cloud, to safeguard its core application platform and e-commerce solutions from potential threats. These critical fixes aim to protect businesses from severe security breaches.

Veeam Patches Backup Flaw That Enables Remote Code Execution
Veeam has urgently patched a critical backup flaw, CVE-2026-44963, that allowed remote code execution with just domain user credentials, scoring a severe 9.4 out of 10 in severity. The update to version 12.3.2.4854 fixes this vulnerability, preventing attackers from running malicious code on the Backup Server.

Microsoft Bolsters Windows 10 with Extended Security Update
Microsoft just dropped a vital update for Windows 10 users, packed with critical security fixes, including patches for 200 vulnerabilities and three zero-day flaws. If you're running Windows 10 Enterprise LTSC or are part of the Extended Security Updates program, you can easily grab the update by checking for new updates in your Windows Update settings.

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity
Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

Microsoft Patch Tuesday Discloses 3 Zero-Day Flaws Amid 200 Security Fixes
Microsoft just dropped its June Patch Tuesday update, tackling a whopping 200 security flaws, including three zero-day vulnerabilities that need urgent attention. This massive release is a must-address for all organizations running Microsoft software.

Microsoft Releases June 2026 Patch Tuesday Updates for Windows 11
Stay ahead of security threats with the latest Windows 11 updates, as Microsoft releases its June 2026 Patch Tuesday updates to fix several vulnerabilities and keep your system protected. Simply head to Settings > Windows Update to install the update and ensure your device is secure.

Apple iOS Overhauls Password Security with One-Tap Change Feature
Apple's latest iOS update is revolutionizing password security with a game-changing feature that lets you change compromised passwords with just one tap, giving you a stronger defense against online threats. Say goodbye to password stress and hello to enhanced protection with iOS's cutting-edge update.

Anthropic's Mythos Preview Bolsters Vulnerability Discovery
Anthropic's Mythos Preview is delivering impressive results in vulnerability discovery, with one tester saying it's the closest thing yet to a straightforward find-something solution. Early trials show Mythos Preview excelling in source-code audits and tackling complex tasks like native-code and reverse-engineering workflows.

AI Coding Adoption Outpaces Governance, Raises Security Risks
The rapid adoption of AI coding tools has outpaced governance, with 97% of teams using AI assistants, but only 30% having a fully governed approach to oversight, leaving a significant security risk gap. This disconnect raises concerns about where risks are accumulating and how work is getting done.

CISOs Face Pressure to Deploy Vulnerable Code
The harsh reality is that 95% of CISOs face pressure to downplay or delay reporting security issues, leading to a staggering 75% of organizations deploying vulnerable code into production environments. It's a precarious situation that demands a new approach to prioritize security without sacrificing business goals.

Veeam Vulnerability Enables RCE Attacks on Backup Servers
A newly discovered vulnerability in Veeam Backup & Replication could allow an authenticated domain user to launch a remote code execution attack on your backup server - a critical target for hackers. Patch now to protect your data: update to version 12.3.2.4854 or later to fix the flaw.

phpBB Flaw Enables Instant Account Takeover
A single HTTP request can give an attacker instant access to any user's account, including administrator accounts, without needing a password - a vulnerability rated 9.4 on the CVSS scale that's affecting phpBB versions up to 3.3.16 and 4.0.0 alpha.

Signal Warns UK Plan to Scan Devices for Nude Images Threatens Global Surveillance
Signal is sounding the alarm on the UK's plan to scan devices for nude images, warning that it threatens global surveillance and undermines the trust that underpins private communications. The encrypted messaging platform is urging caution, saying the proposed mechanism is not only ineffective in keeping children safe, but also dangerously dystopian.

Security Teams Grapple with Hidden Risk in Network Tool Gaps
Despite having unparalleled visibility, many organizations are struggling with a hidden risk - the manual, time-consuming, and error-prone work that happens between their network security tools, from alert validation to change implementation. This operational gap is where security teams lose efficiency and invite vulnerabilities.

FROST Attack Exploits SSD Timing to Track User Activity
Imagine a sneaky new technique that lets hackers track your online activity from afar, using just a web page and the timing of your SSD reads - no need to be physically on your device. This clever exploit, dubbed FROST, turns browser storage into a timing spy, revealing your browsing habits and even which native apps you open.

JLR CISO Mandates In-Person Password Resets After Cyber-Attack
After a cyber-attack, JLR's CISO Ashish Shrestha took swift action, mandating an enterprise-wide, in-person password reset for all 30,000 staff to swiftly validate the security of their Microsoft 365 system. This bold move was his top priority to prevent further communication compromise.

Zcash Vulnerability Exposes Risk of Fraudulent Transactions
A critical vulnerability in Zcash's Orchard privacy pool was discovered by security researcher Taylor Hornby, exposing a risk of fraudulent transactions and highlighting the importance of rigorous testing and review. The swift discovery was made possible by a commissioned review, underscoring the value of proactive security measures.

Defense Teams Face AI-Driven Data Protection Challenges
The explosive growth of AI in the Department of Defense - a 1,775% surge in just one year - is putting intense pressure on defense teams to safeguard sensitive mission data. As AI empowers warfighters to make faster, more precise decisions, the challenge of protecting data at rest has never been more urgent.

Apple Unveils AI-Powered Tool to Automatically Secure Compromised Passwords
Say goodbye to password anxiety with Apple's latest innovation - an AI-powered tool that automatically secures compromised passwords, giving you peace of mind with just a few clicks. This game-changing feature, part of Apple Intelligence, uses AI to update weak and vulnerable credentials to strong, unguessable passwords.

Linux Flaw Enables Rapid Local Root Access Escalation
A single-character logic error in Linux's nf_tables code, known as CVE-2026-23111, can quickly turn an unprivileged local account into a powerful root account, allowing for container escape - and publicly available exploit code makes it a pressing concern. This vulnerability has already been patched, but its public exposure puts Linux users at risk.

UniFi OS Bug Lets Hackers Gain Root Without Authentication
A critical bug in UniFi OS can be exploited by hackers to gain root access without any login credentials, user interaction, or prior access, putting your system at risk. Three vulnerabilities, now patched, can be chained together to allow remote code execution with root privileges.

Check Point VPN Flaw Exposed, Bypasses Passwords in IKEv1 Setups
A critical flaw in Check Point VPN setups has been exposed, allowing attackers to bypass passwords and establish a VPN session without proper authentication in certain configurations. This vulnerability, tracked as CVE-2026-50751, impacts Remote Access VPN and Mobile Access deployments using the outdated IKEv1 protocol.

OpenAI Bolsters ChatGPT Security With New Controls
OpenAI has introduced Lockdown Mode for ChatGPT, a game-changing security control that limits the model's access to the web and external services, giving users and organizations handling sensitive data an added layer of protection. This new feature is now available to personal and self-serve business accounts, following its initial rollout for enterprise plans in February.

Wazuh Cloud Tackles Security Ops Complexity With AI-Driven Analysis
Tired of drowning in security ops complexity? Wazuh Cloud simplifies threat detection and response with AI-driven analysis, freeing you from infrastructure headaches and empowering you to stay ahead of evolving threats like ransomware and supply chain attacks.