Skip to main content

Cybersecurity

General cybersecurity news and analysis

Diverse professionals in a crisis meeting room with empty whiteboards and blank screens, surrounded by natural daylight.

Cybersecurity Leaders Stress Need for Effective Crisis Playbooks

To navigate a cybersecurity crisis effectively, you need a solid playbook - and that means getting three key things right: identifying the crisis type, assembling the right team, and clarifying roles and responsibilities to build trust. With these pillars in place, you'll be better equipped to tackle even the toughest challenges with confidence.

Analyst 207
Ukrainian government building interior with people preparing for a meeting or briefing.

Ukraine's Cybersecurity War: Resilience Trumps Reaction

In the face of uncertainty, cybersecurity experts can develop essential habits through practice, brainstorming, and preparation, turning crisis response into muscle memory. By focusing on preparation, resilience, and self-reliance, organisations and individuals can build the instincts needed to navigate turbulent times.

Analyst 207
Person in a data center examines laptop with focused expression.

Security Leaders Scramble to Accelerate Post-Quantum Cryptography Transition

The pressing question isn't when quantum computers will crack today's encryption, but whether organizations will be prepared to make the switch to post-quantum cryptography before it's too late. With only 8% of SSH servers currently making the transition, experts warn that the time to act is now.

Analyst 207
Diverse high school students gather around a table with laptops and cybersecurity equipment in a brightly-lit classroom.

Cybersecurity Language Excludes Talent

The language used in cybersecurity can be a major turn-off, as one panelist discovered when a high school student sniggered at the term "penetration tester" - a reaction that sparked a thought-provoking question about who this language invites into the field, and who it inadvertently shuts out. This moment highlights a broader cultural issue in cybersecurity's approach to attracting new talent.

Analyst 207
Circuit board on a lab bench with blurred technical instruments in the background.

Autonomous AI Tool Exposes 2-Year-Old Redis RCE Flaw

A 2-year-old vulnerability in Redis, tracked as CVE-2026-23479, went undetected until a cutting-edge autonomous AI tool uncovered it, revealing a critical remote code execution flaw that had been hiding in plain sight. This shocking discovery highlights the power of AI in uncovering even the most elusive security threats.

Analyst 207
Smartphone on a neutral surface with a blurred mobile app interface and a hint of a cityscape through a nearby window.

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight

A single line of code, "setIsDebugMode(true)," inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Analyst 207
Researcher examines radio frequency demonstration setup in laboratory.

Researchers Expose Vulnerability in Anti-Jamming Tech

Researchers have uncovered a shocking weakness in anti-jamming technology, revealing that curved radio beams can outsmart even the most advanced direction-finding defenses. In lab tests, this vulnerability led to disastrous errors, leaving traditional safeguards useless.

Analyst 207
Modern IT operations area with computers, servers, and networking equipment in a clean and organized setup.

Vulnerability Patching Lag Exposes 91% of Organizations to Known Threats

The alarming truth is that 91% of organizations are leaving themselves exposed to known threats due to a vulnerability patching lag, with only 9% able to remediate high-severity flaws within a critical 24-hour window. This delay is not just a statistic - it's a recipe for disaster, with organizations that patch more slowly facing significantly higher breach rates.

Analyst 207
Person sitting at laptop in modern workspace with code on nearby monitor.

Bug Hunter Exposes Microsoft VS Code Flaw in Protest of Disclosure Handling

A bug hunter's frustrating experience with Microsoft's disclosure process sparked a protest, as Ammar Askar publicly exposed a VS Code flaw that could allow attackers to steal OAuth tokens and access GitHub repositories. Askar's proof-of-concept exploit highlights the vulnerability, which was previously mishandled by Microsoft's security response team.

Analyst 207
Bank lobby with a subtle hint of vulnerability on a computer screen.

Banks' Annual Testing Model Leaves 345 Days of Unvalidated Exposure

Imagine having 345 days of potential vulnerability, with hackers free to exploit your defenses while you wait for your annual security test. That's the harsh reality of the traditional annual testing model, which leaves your business exposed for nearly 11 months of the year.

Analyst 207
Young tech CEO Lucas Masson smiles on stage, accepting an award.

Konvu Wins Top Honors in Infosecurity Europe Cyber Startup Award

Konvu took top spot in the Infosecurity Europe Cyber Startup Award, impressing judges with its innovative solution and beating out four other contenders. CEO Lucas Masson was thrilled, saying it was a huge honor for their solution to resonate with the judges.

Analyst 207
Modern enterprise environment with multiple screens, laptops, and systems in use, conveying fragmentation and decentralized…

Identity Visibility Platforms Shrink IAM Attack Surface

Nearly half of all identity activity in enterprises remains invisible to centralized identity and access management, creating a hidden risk that can leave organizations vulnerable to attacks. This "Identity Dark Matter" emerges as identities multiply across apps, teams, and systems, outpacing the ability of security teams to keep control.

Analyst 207
Business executive presenting to an audience in a modern boardroom.

Boards Urged to Prioritize Cyber Risk Quantification

To make cyber risk more tangible and actionable, boards are advised to prioritize quantifying it in terms of dollar value, allowing managers across the organization to understand and address potential threats more effectively. By translating cyber risk into a clear financial impact, companies like BP are better equipping themselves to manage and mitigate digital threats.

Analyst 207
Government representative and AI developers collaborate around a covered AI model, laptops, and notes in a conference room.

US Invites AI Developers to Voluntary Cybersecurity Review

The US government is taking a collaborative approach to AI cybersecurity, inviting developers to voluntarily review their most powerful models and give the government a 30-day heads-up before releasing them to trusted partners. This move aims to create accountability and ensure responsible AI development, with experts agreeing that real accountability is key to making voluntary security programs effective.

Analyst 207
Windows computer on office desk with network cable, screen off or blank.

Unpatched Windows Search Flaw Exposes User Hashes

A newly discovered vulnerability in Windows' search feature can be exploited to steal user passwords, allowing hackers to gain access to sensitive information. By simply clicking on a malicious link, a user's login credentials can be exposed to attackers.

Analyst 207
Server room with equipment and cables, highlighting a generic server rack in the foreground.

HTTP/2 Bomb Vulnerability Targets Major Web Servers with Remote DoS Exploit

A newly discovered HTTP/2 Bomb vulnerability can be exploited to launch a remote Denial of Service (DoS) attack on major web servers, taking advantage of a weakness in the default HTTP/2 configuration. This flaw cleverly combines a compression bomb and a Slowloris-style hold to target HPACK, HTTP/2's header-compression scheme.

Analyst 207
Diverse group of people collaborate in modern conference room with laptops and notepads.

Anthropic Widens AI Vulnerability Detection to 200 Organizations

Anthropic's Project Glasswing just got a major boost, expanding its AI-powered vulnerability detection to 200 organizations across 15 countries, helping to safeguard critical software in power, water, healthcare, and more. This significant growth builds on the program's success, with its advanced AI model, Claude Mythos Preview, already uncovering over 10,000 high-priority vulnerabilities.

Analyst 207
Cybersecurity team works in office setting with laptop and blurred screen.

AI-Driven Patching Pressures Redefine Vulnerability Response

The window between patch release and exploitation has dramatically shrunk to just six hours and 40 minutes, leaving organizations scrambling to keep up with increasingly rapid vulnerability response. This alarming trend is fueled by the growing power of large language models that can autonomously discover and even fix vulnerabilities.

Analyst 207
Smartphone displays call interface with warning message on screen.

Google Bolsters Android Defenses Against AI-Powered Scam Calls

Google's new fake call detection feature sends a silent signal to verify the caller, instantly warning you if a scammer tries to impersonate someone you know. If the signal is missing, your device double-checks with the caller's actual phone to keep you safe.

Analyst 207
Cybersecurity professional works in modern operations center with computer screens and equipment.

Defensive Cyber Evolves to Counter AI-Driven Threats

The cyber threat landscape is undergoing a seismic shift, with AI-driven attacks now unfolding at a breathtaking pace and scale that traditional defenses can't keep up with. This exponential explosion of attacks is ratcheting up the stakes for data availability and integrity, and it's only getting worse.

Analyst 207
Network operations center with computer workstations and servers in a brightly-lit room with a polished floor and large…

AI Tools Expose Vulnerabilities in Army's Unified Network

The Army's unified network is facing a new wave of vulnerabilities, thanks to AI tools that are making it easier for attackers to breach defenses. With AI, techniques that once required specialized skills can now be scaled with ease, expanding the attack surface and increasing risk.

Analyst 207
Professionals in a control room discuss around a large table with empty screens.

Anthropic Expands Vulnerability Detection Program to Critical Infrastructure Firms

Anthropic's expanded Vulnerability Detection Program is helping protect critical infrastructure firms from cyber threats, having already uncovered over 10,000 high-risk software vulnerabilities since April. The program, known as Project Glasswing, now includes 150 organizations across 15 countries.

Analyst 207
Developer workspace with Windows laptop, notes, and coding materials, displaying a command-line interface with mixed…

Microsoft Brings Linux Commands to Windows with Coreutils Release

Microsoft just made life easier for developers who juggle Windows and Linux, releasing Coreutils for Windows, a package that brings commonly used Linux commands to Windows as native apps. This game-changing move eliminates frustrating workarounds and context switching, letting devs focus on what matters most - coding.

Analyst 207
Laptop screen displays lines of code on a neutral surface with blurred lab background.

Anthropic Expands AI Bug Hunting Program

In just eight weeks, Cisco's AI-powered bug hunting program scanned a staggering 1.8 billion lines of code, a task that would have taken their top security team a whopping eight years to complete. This groundbreaking feat showcases the incredible potential of AI-driven cybersecurity solutions.

Analyst 207