Cybersecurity
General cybersecurity news and analysis

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout
Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

CyCOS Expands to Bolster UK SMEs' Cybersecurity Support
The CyCOS pilot is revolutionizing cybersecurity support for UK SMEs by connecting them with expert-led communities that offer personalized guidance and protection. By bringing together a small group of organizations with a few cyber experts, CyCOS creates a unique, supportive ecosystem that helps smaller firms bolster their defenses.

Google Engineer Exploits Confidential Data for $1.2M Betting Gain
A Google engineer allegedly used confidential data to make a staggering $1.2M betting gain, sparking a federal crackdown on insider trading that threatens to undermine market integrity. The US attorney for the Southern District of New York vowed to investigate and prosecute such greed-driven conduct.

Microsoft Tests Limits of Windows Server Admins' Patience
Microsoft is pushing the patience of Windows Server administrators to the limit with a 15-character constraint that's leaving them frustrated. Is the tech giant testing the boundaries of their tolerance a bit too far?

Gogs Vulnerability Exposes Remote Code Execution Risk
A newly discovered vulnerability in Gogs puts servers at risk of remote code execution, allowing any authenticated user to inject malicious code through a simple pull request. By crafting a malicious branch name, attackers can exploit the --exec flag in git rebase to run unauthorized shell commands.

Travel Sector Braces for Cyberattacks as Summer Looms
As summer approaches, the travel sector is bracing for a surge in cyberattacks, with a staggering 92% of travel agencies experiencing some form of cyber threat in the last year. Ransomware, data breaches, and cyberattacks top the list of concerns, cited by 68% of agencies as the greatest threat to their success.

Zapier Fixes Bug Chain That Exposed Millions to Account Takeover Risk
A security firm recently uncovered a chain of five weaknesses in popular workflow automation service Zapier that could have put millions of users at risk of account takeover - and thankfully, the issue has now been fixed. The vulnerabilities were surprisingly easy to exploit, requiring only a free Zapier account to potentially gain unauthorized access to user accounts.

Exposure Management Shields Against Lurking Vulnerabilities
Don't let a single vulnerability be the Death Star of your defense - even the strongest systems can be undermined by a shared insider weakness. Start with asset discovery to proactively manage exposure and shield against lurking threats.

SIEM Helps MSPs Filter Out Noise, Accelerate Threat Detection
MSPs are drowning in a sea of security alerts, but the real challenge is cutting through the noise to identify genuine threats. When endpoint, identity, cloud, and network sensors operate in isolation, duplicate alerts and blind spots create an incomplete picture, making it tough to prioritize and respond to potential threats.

Microsoft Opposes Public Zero-Day Disclosures, Cites Customer Risk
Microsoft is speaking out against public zero-day disclosures, warning that revealing vulnerabilities without prior notice can put customers at unnecessary risk. The tech giant is urging researchers to adopt Coordinated Vulnerability Disclosure, sharing findings with affected vendors before going public.

Microsoft Decries Uncoordinated Zero-Day Disclosures
Microsoft slammed researchers who publicly revealed six zero-day vulnerabilities without giving the company a heads-up, putting customers at unnecessary risk. The tech giant named and shamed the flaws, including privilege escalation vulnerabilities in Microsoft Defender and a security feature bypass vulnerability in Windows BitLocker.

Enterprise AI Risk Concentrated Among Small Group of Power Users
Meet the AI power users: a small but mighty 5% of enterprise employees who are generating a whopping 144 conversations or more with AI tools, creating a concentrated risk that demands attention. These super-users are producing far more intense interactions, with 18 prompts per conversation compared to just 2.

GCHQ Chief Warns UK Businesses to Bolster Cyber Defenses as AI Reshapes Threats
Protecting your systems is now a front-line defence for our nation, economy, and way of life - it's time for UK businesses to treat cybersecurity as a national defence priority, not just an IT issue. With AI-driven threats evolving rapidly, the window to bolster your cyber defences is narrowing.

Cybersecurity Pros Prefer CISOs With Live Attack Response Experience
When it comes to cybersecurity leadership, professionals trust those who have been battle-tested, with 75% believing that experience in live attack response boosts a leader's credibility. Hands-on experience navigating high-pressure incidents gives leaders a unique perspective, composure, and trustworthiness.

CEO's File Share Mishap Exposes Workplace Security Lapses
Imagine being called in to help a CEO recover deleted files, only to discover a shocking secret: a treasure trove of explicit content stored on a company file share that's accessible to anyone. The awkward moment that followed will leave you cringing - and wondering how something so sensitive could be so carelessly exposed.

Venture Capital Targets Cybersecurity's Elusive Prime
Venture capital is swooping in to shake up the cybersecurity scene, now that barriers to entry have crumbled, but the million-dollar question remains: will this influx of cash spawn a new generation of market leaders? The industry is holding its breath, waiting to see which defensive cyber startups will rise to the top and dominate the landscape.

OpenAI Bolsters Cybersecurity, Election Integrity with 2026 Midterm Safeguards
OpenAI is stepping up its game to safeguard the 2026 midterm elections with a robust five-part plan to combat AI-driven interference and bolster cybersecurity. The company is committed to protecting digital infrastructure and promoting election integrity by spreading reliable information, watermarking deepfakes, and more.

Managing Shadow AI Tools Requires a Proactive Security Approach
Employees are now using three to five AI tools daily, outpacing the controls in place to manage them, and creating a growing security gap that's hard to ignore. This surge in shadow AI tools is fueled by three key areas: OAuth connections, browser extensions, and bundled AI.

Executives' Blind Spot: Shadow AI Use Exposes Security Risks
Most organizations have a blind spot when it comes to AI usage, leaving them vulnerable to security risks - and the truth is, you can't protect what you can't see. A recent study by Okta and Apprize360 found that shadow AI use is rampant, exposing companies to potential breaches, data exposures, and system disruptions.

Cybersecurity Burnout Spurs Call for Risk-Based Response
Half of all cyber professionals are burning out weekly or daily - it's time for organizations to shift their approach and view burnout as a critical operational risk, rather than just a wellness issue. By reframing burnout in this way, businesses can prioritize effective solutions and safeguard their cyber resilience.

SOCs Shut Down Incident Risks with Proactive Threat Detection
Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

India's CERT-In Urges 12-Hour Patch Deadline for Exploited Vulnerabilities
CERT-In is urging organizations to act fast - patch, mitigate, or remove exposure to exploited vulnerabilities within 12 hours for internet-facing and high-priority systems. This strict deadline aims to minimize risk and protect critical assets from potential attacks.

Strengthening Active Directory Password Rules Without Frustrating Users
Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.

Researchers Warn of LLM Guardrail Vulnerability to Multi-Turn Manipulation
Beware: even the toughest-sounding safety guardrails on large language models can be easily bypassed by clever attackers who use multi-turn conversations to manipulate them. Cisco researchers found that none of the models they tested were completely safe from this type of exploitation.