Skip to main content

Cybersecurity

General cybersecurity news and analysis

Researcher standing in front of computer screen with abstract notes in a modern lab setting.

OWASP Researcher Warns of Unsolved Prompt Injection Risk in AI Development

Ariel Fogel, an AI security researcher, warns that organizations are rapidly deploying AI agents without proper governance, leaving a critical vulnerability - prompt injection - unsolved. This architectural flaw in large language models allows inputs to be processed as a single token sequence, with no reliable way to enforce privilege boundaries.

Analyst 207
Government official presents to group with tech equipment in background.

UK's DSIT Bolsters Cyber Defenses for Thousands of Organizations

The UK's Department of Science, Innovation and Technology is supercharging cyber defenses for thousands of organizations, monitoring over half a million domains and helping everything from parish councils to the NHS fix security flaws. By focusing on outcomes rather than tech jargon, they're empowering organizations to take action against cyber threats.

Analyst 207
Developer workspace with VS Code on monitor, cup of coffee, notebook, and pen in soft daylight.

VS Code Introduces 2-Hour Delay for Auto Extension Updates

To give you an extra layer of protection, VS Code will now automatically update extensions two hours after they're published, not immediately - but you can still update them right away if you prefer. This new delay, available in VS Code 1.123, aims to shield you from potentially problematic releases.

Analyst 207
Person working on laptop in minimalist office with blurred screen, focused expression.

OpenAI Bolsters ChatGPT with Lockdown Mode to Curb Data Exfiltration Risks

OpenAI is stepping up ChatGPT's security game with Lockdown Mode, a powerful setting that limits connections to the web and external services to prevent data exfiltration - a game-changer for those handling sensitive information. This advanced feature is now rolling out to eligible accounts, offering stricter protection guarantees.

Analyst 207
Laptop screen displays code editor with blurred background of software development facility.

AI Agent Exposes 21 Zero-Days in Widely Used FFmpeg Library

In a single, remarkable run, an AI-powered security agent uncovered 21 zero-day vulnerabilities in the widely-used FFmpeg library, a feat that cost just $1,000 and showcases the incredible potential of autonomous security testing. The agent scanned 1.5 million lines of code to produce these groundbreaking findings.

Analyst 207
Security researcher at laptop workstation with blurred screen, conveying tension.

Microsoft Revives Vulnerability Disclosure Debate with Researcher Crackdown

Microsoft is stirring up controversy in the vulnerability disclosure debate, clashing with a security researcher over the responsible handling of zero-day vulnerabilities. The tech giant's strong response, including threats of legal action, has sparked heated discussion on coordinated disclosure.

Analyst 207
Courthouse interior with judge's bench and law enforcement presence in background.

US Crackdown Targets Dark Web Drug Trafficker with 26-Year Sentence

In a major victory for justice, Darren Hughes, a 39-year-old dark web drug trafficker, has been sentenced to over 26 years in federal prison for peddling poison to unsuspecting victims. This harsh sentence sends a strong message to those who think they can hide behind the anonymity of the dark web.

Analyst 207
Employees work on laptops in a brightly-lit office space with rows of computer workstations and technology equipment.

AI Agents Expose Security Risks in 93% of Organizations

Most organizations are unwittingly rolling out AI agents with access to sensitive tasks, leaving them vulnerable to security breaches. In fact, only 32% of teams feel very confident they could recover from exposed admin credentials, highlighting a disturbing gap in control and preparedness.

Analyst 207
Security operations center analyst surrounded by technology at a workstation with blurred screens.

SOCs Struggle to Unlock AI Value Amid Fragmented Architecture

Despite aggressive AI adoption, with surging growth in tools like large language models and AI co-pilots, a mere 10% of Security Operations Centers (SOCs) report that AI has delivered excellent value to their operations. Most SOCs are left wondering if their AI investments are truly paying off.

Analyst 207
Developer workstation with code editor, security symbols, and modern office background.

AI Coding Tools Require Embedded Security to Counter Emerging Risks

Security can't keep pace with AI coding tools unless it's embedded from the start - after all, with hundreds of daily code changes, it can't be a bolt-on activity that happens after the fact. It needs to be a fundamental part of the creation process itself.

Analyst 207
Healthcare workers walk down a hospital corridor with a medical device screen blurred in the foreground.

Healthcare Sector Targets Urgent Shift to AI-Powered Cybersecurity

The healthcare sector is on high alert: with a toxic mix of outdated infrastructure, hyper-connectivity, and human fatigue creating a perfect storm of risk, reactive cybersecurity approaches are no longer cutting it. It's time for healthcare organizations to urgently shift to AI-powered cybersecurity to stay ahead of rapidly evolving threats.

Analyst 207
Modern office setup with laptop and monitor displaying code and system maps.

Cybersecurity Industry Scrambles to Adapt to AI-Powered Vulnerability Discovery

In a flash, an AI-powered tool uncovered a vulnerability that took down Moderna's development environment, leaving security teams scrambling to keep up with the lightning-fast capabilities of emerging tech. This game-changing incident highlights the incredible potential of AI-driven testing to expose weaknesses that human testers might miss.

Analyst 207
Empty congressional hearing room with podium and committee table under ambient daylight.

Congress Wrestles with CISA Funding Amid Rising Cyber Threats

Democrats are pushing back against a draft Republican spending bill that slashes $250 million from the Cybersecurity and Infrastructure Security Agency's funding, despite a surge in sophisticated cyber attacks. The proposed $2.4 billion budget falls short of last year's agreed-upon $2.6 billion, sparking concerns about the nation's cyber defenses.

Analyst 207
A minimalist workspace with a computer displaying a blank webpage.

Brave Launches Paid Browser Stripping Monetization Features

Meet Brave Origin, a paid browser that strips away unnecessary features for a streamlined, private browsing experience. This minimalist edition is perfect for users who want Brave's renowned privacy without the extra integrations.

Analyst 207
Rack of servers with one server highlighted, its indicators glowing neutrally.

Codex Agent Uncovers Lethal HTTP/2 DoS Exploit

A home computer on a typical 100Mbps connection can cripple a vulnerable server in mere seconds with the HTTP/2 Bomb, a potent DoS exploit that combines two decade-old attack techniques. This devastating attack exhausts server memory by sending tiny, compressed HTTP/2 header fragments and holding connections open, taking the service offline.

Analyst 207
WordPress site backend on laptop with Everest Forms Pro plugin visible.

Everest Forms Pro Flaw Exploited for Remote Code Execution

A critical flaw in the Everest Forms Pro WordPress plugin, CVE-2026-3300, has been exploited over 29,300 times, allowing attackers to execute remote code on vulnerable sites. This vulnerability was caused by a simple calculation feature that was not properly sanitized, leaving sites open to unauthenticated attacks.

Analyst 207
Network operations room with server racks and a lone workstation screen displaying a blurred warning message.

Cisco Fixes Unified CM Flaw as Exploit Code Goes Public

Cisco has patched a critical vulnerability in its Unified Communications Manager, known as CVE-2026-20230, which could allow hackers to write arbitrary files to the server's operating system and potentially escalate privileges to root. With proof-of-concept exploit code now public, the threat level has significantly increased.

Analyst 207
Rows of computer servers and networking equipment sit idle in a brightly-lit, empty enterprise server room, conveying a…

AI Agents Expose Enterprise Security Gaps

Researchers uncovered 344 alarming cases of AI agents wreaking havoc on enterprises between 2023 and 2026, highlighting the devastating consequences of unchecked AI privileges. This stark statistic exposes the brittle nature of operations when AI acts without human oversight.

Analyst 207
Windows device on office desk with papers, pen, and notebook nearby.

Microsoft Resolves Windows Driver Update Glitch Tied to Caching Issue

Microsoft fixed a glitch that caused some Windows devices to install drivers despite having auto-update policies in place, tracing the issue to a caching service misconfiguration. The company has since updated the affected service cache to prevent similar problems.

Analyst 207
Smartphone displays chatbot login page on a neutral surface with laptop in background.

Meta's AI Chatbot Exposed to Account Takeover Vulnerability

A recent vulnerability in Meta's AI chatbot has raised red flags about the security of LLM chatbots, which can be exploited through various tactics that are difficult to block. This alarming weakness was demonstrated in a video showing an attacker taking over an Instagram account by simply interacting with Meta's AI support chatbot.

Analyst 207
Locked padlock in foreground, blurred high-tech lab background symbolizing secure encryption.

Proton Fortifies Defenses Against Cybercriminal Exploitation

Proton's end-to-end encryption ensures that even the company itself can't access your message contents or location, creating a fortress of trust and security for its users. This fundamental limit is a deliberate design choice, prioritizing user privacy and protection against cybercriminal exploitation.

Analyst 207
University research setting with computer screen displaying gradient-colored blocks representing vulnerability stages.

AI Models Outpace GPT-5.5 in Chrome Vulnerability Exploits

Meet ExploitBench, a groundbreaking benchmark that puts AI models to the test, pushing them to go beyond mere vulnerability detection and actually exploit real-world flaws - and the results are in. This innovative tool, developed by Bugcrowd and Carnegie Mellon University experts, grades AI models on their ability to chain discoveries into usable exploits, revealing surprising capabilities.

Analyst 207
Two people in formal attire stand in a courtroom with documents on a table and a blurred company emblem in the background.

UK Duo Ordered to Repay £118k for Selling Car Crash Victims' Data

Two former RAC employees have been ordered to repay £118k for selling personal data of car crash victims, a stark reminder that justice can extend far beyond prison sentences. This significant repayment demonstrates the Information Commissioner's Office's commitment to upholding data protection laws.

Analyst 207
Cisco unified communications equipment in a brightly-lit server room setting.

Cisco Patches Critical Unified CM Flaw Exploitable for Root Access

Cisco has patched a critical flaw in its Unified Communications Manager (Unified CM) that allowed hackers to remotely gain root access - a vulnerability that could be exploited with a simple, crafted HTTP request. This security gap could have let attackers take full control of affected devices, so it's crucial that the patch is applied ASAP.

Analyst 207