Cybersecurity
General cybersecurity news and analysis

OWASP Researcher Warns of Unsolved Prompt Injection Risk in AI Development
Ariel Fogel, an AI security researcher, warns that organizations are rapidly deploying AI agents without proper governance, leaving a critical vulnerability - prompt injection - unsolved. This architectural flaw in large language models allows inputs to be processed as a single token sequence, with no reliable way to enforce privilege boundaries.

UK's DSIT Bolsters Cyber Defenses for Thousands of Organizations
The UK's Department of Science, Innovation and Technology is supercharging cyber defenses for thousands of organizations, monitoring over half a million domains and helping everything from parish councils to the NHS fix security flaws. By focusing on outcomes rather than tech jargon, they're empowering organizations to take action against cyber threats.

VS Code Introduces 2-Hour Delay for Auto Extension Updates
To give you an extra layer of protection, VS Code will now automatically update extensions two hours after they're published, not immediately - but you can still update them right away if you prefer. This new delay, available in VS Code 1.123, aims to shield you from potentially problematic releases.

OpenAI Bolsters ChatGPT with Lockdown Mode to Curb Data Exfiltration Risks
OpenAI is stepping up ChatGPT's security game with Lockdown Mode, a powerful setting that limits connections to the web and external services to prevent data exfiltration - a game-changer for those handling sensitive information. This advanced feature is now rolling out to eligible accounts, offering stricter protection guarantees.

AI Agent Exposes 21 Zero-Days in Widely Used FFmpeg Library
In a single, remarkable run, an AI-powered security agent uncovered 21 zero-day vulnerabilities in the widely-used FFmpeg library, a feat that cost just $1,000 and showcases the incredible potential of autonomous security testing. The agent scanned 1.5 million lines of code to produce these groundbreaking findings.

Microsoft Revives Vulnerability Disclosure Debate with Researcher Crackdown
Microsoft is stirring up controversy in the vulnerability disclosure debate, clashing with a security researcher over the responsible handling of zero-day vulnerabilities. The tech giant's strong response, including threats of legal action, has sparked heated discussion on coordinated disclosure.

US Crackdown Targets Dark Web Drug Trafficker with 26-Year Sentence
In a major victory for justice, Darren Hughes, a 39-year-old dark web drug trafficker, has been sentenced to over 26 years in federal prison for peddling poison to unsuspecting victims. This harsh sentence sends a strong message to those who think they can hide behind the anonymity of the dark web.

AI Agents Expose Security Risks in 93% of Organizations
Most organizations are unwittingly rolling out AI agents with access to sensitive tasks, leaving them vulnerable to security breaches. In fact, only 32% of teams feel very confident they could recover from exposed admin credentials, highlighting a disturbing gap in control and preparedness.

SOCs Struggle to Unlock AI Value Amid Fragmented Architecture
Despite aggressive AI adoption, with surging growth in tools like large language models and AI co-pilots, a mere 10% of Security Operations Centers (SOCs) report that AI has delivered excellent value to their operations. Most SOCs are left wondering if their AI investments are truly paying off.

AI Coding Tools Require Embedded Security to Counter Emerging Risks
Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

Healthcare Sector Targets Urgent Shift to AI-Powered Cybersecurity
The healthcare sector is on high alert: with a toxic mix of outdated infrastructure, hyper-connectivity, and human fatigue creating a perfect storm of risk, reactive cybersecurity approaches are no longer cutting it. It's time for healthcare organizations to urgently shift to AI-powered cybersecurity to stay ahead of rapidly evolving threats.

Cybersecurity Industry Scrambles to Adapt to AI-Powered Vulnerability Discovery
In a flash, an AI-powered tool uncovered a vulnerability that took down Moderna's development environment, leaving security teams scrambling to keep up with the lightning-fast capabilities of emerging tech. This game-changing incident highlights the incredible potential of AI-driven testing to expose weaknesses that human testers might miss.

Congress Wrestles with CISA Funding Amid Rising Cyber Threats
Democrats are pushing back against a draft Republican spending bill that slashes $250 million from the Cybersecurity and Infrastructure Security Agency's funding, despite a surge in sophisticated cyber attacks. The proposed $2.4 billion budget falls short of last year's agreed-upon $2.6 billion, sparking concerns about the nation's cyber defenses.

Brave Launches Paid Browser Stripping Monetization Features
Meet Brave Origin, a paid browser that strips away unnecessary features for a streamlined, private browsing experience. This minimalist edition is perfect for users who want Brave's renowned privacy without the extra integrations.

Codex Agent Uncovers Lethal HTTP/2 DoS Exploit
A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds with the HTTP/2 Bomb, a potent DoS exploit that combines two decade-old attack techniques. This devastating attack exhausts server memory by sending tiny, compressed HTTP/2 header fragments and holding connections open, taking the service offline.

Everest Forms Pro Flaw Exploited for Remote Code Execution
A critical flaw in the Everest Forms Pro WordPress plugin, CVE-2026-3300, has been exploited over 29,300 times, allowing attackers to execute remote code on vulnerable sites. This vulnerability was caused by a simple calculation feature that was not properly sanitized, leaving sites open to unauthenticated attacks.

Cisco Fixes Unified CM Flaw as Exploit Code Goes Public
Cisco has patched a critical vulnerability in its Unified Communications Manager, known as CVE-2026-20230, which could allow hackers to write arbitrary files to the server's operating system and potentially escalate privileges to root. With proof-of-concept exploit code now public, the threat level has significantly increased.

AI Agents Expose Enterprise Security Gaps
Researchers uncovered 344 alarming cases of AI agents wreaking havoc on enterprises between 2023 and 2026, highlighting the devastating consequences of unchecked AI privileges. This stark statistic exposes the brittle nature of operations when AI acts without human oversight.

Microsoft Resolves Windows Driver Update Glitch Tied to Caching Issue
Microsoft fixed a glitch that caused some Windows devices to install drivers despite having auto-update policies in place, tracing the issue to a caching service misconfiguration. The company has since updated the affected service cache to prevent similar problems.

Meta's AI Chatbot Exposed to Account Takeover Vulnerability
A recent vulnerability in Meta's AI chatbot has raised red flags about the security of LLM chatbots, which can be exploited through various tactics that are difficult to block. This alarming weakness was demonstrated in a video showing an attacker taking over an Instagram account by simply interacting with Meta's AI support chatbot.

Proton Fortifies Defenses Against Cybercriminal Exploitation
Proton's end-to-end encryption ensures that even the company itself can't access your message contents or location, creating a fortress of trust and security for its users. This fundamental limit is a deliberate design choice, prioritizing user privacy and protection against cybercriminal exploitation.

AI Models Outpace GPT-5.5 in Chrome Vulnerability Exploits
Meet ExploitBench, a groundbreaking benchmark that puts AI models to the test, pushing them to go beyond mere vulnerability detection and actually exploit real-world flaws - and the results are in. This innovative tool, developed by Bugcrowd and Carnegie Mellon University experts, grades AI models on their ability to chain discoveries into usable exploits, revealing surprising capabilities.

UK Duo Ordered to Repay £118k for Selling Car Crash Victims' Data
Two former RAC employees have been ordered to repay £118k for selling personal data of car crash victims, a stark reminder that justice can extend far beyond prison sentences. This significant repayment demonstrates the Information Commissioner's Office's commitment to upholding data protection laws.

Cisco Patches Critical Unified CM Flaw Exploitable for Root Access
Cisco has patched a critical flaw in its Unified Communications Manager (Unified CM) that allowed hackers to remotely gain root access - a vulnerability that could be exploited with a simple, crafted HTTP request. This security gap could have let attackers take full control of affected devices, so it's crucial that the patch is applied ASAP.