Skip to main content

Cybersecurity

General cybersecurity news and analysis

Laptop on a home office desk with a blank screen, smartphone, and notebook nearby.

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout

Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

Analyst 207
Professionals from various fields collaborate on cybersecurity in a modern conference room.

CyCOS Expands to Bolster UK SMEs' Cybersecurity Support

The CyCOS pilot is revolutionizing cybersecurity support for UK SMEs by connecting them with expert-led communities that offer personalized guidance and protection. By bringing together a small group of organizations with a few cyber experts, CyCOS creates a unique, supportive ecosystem that helps smaller firms bolster their defenses.

Analyst 207
Courthouse or government briefing room with podium, windows, and financial backdrop.

Google Engineer Exploits Confidential Data for $1.2M Betting Gain

A Google engineer allegedly used confidential data to make a staggering $1.2M betting gain, sparking a federal crackdown on insider trading that threatens to undermine market integrity. The US attorney for the Southern District of New York vowed to investigate and prosecute such greed-driven conduct.

Analyst 207
Windows Server administrator surrounded by computer equipment looks frustrated.

Microsoft Tests Limits of Windows Server Admins' Patience

Microsoft is pushing the patience of Windows Server administrators to the limit with a 15-character constraint that's leaving them frustrated. Is the tech giant testing the boundaries of their tolerance a bit too far?

Analyst 207
Developer workstation with laptop, code, and git terminal, surrounded by coffee cup and notes in soft daylight.

Gogs Vulnerability Exposes Remote Code Execution Risk

A newly discovered vulnerability in Gogs puts servers at risk of remote code execution, allowing any authenticated user to inject malicious code through a simple pull request. By crafting a malicious branch name, attackers can exploit the --exec flag in git rebase to run unauthorized shell commands.

Analyst 207
Travel agency office with laptop showing subtle cyber threat signs.

Travel Sector Braces for Cyberattacks as Summer Looms

As summer approaches, the travel sector is bracing for a surge in cyberattacks, with a staggering 92% of travel agencies experiencing some form of cyber threat in the last year. Ransomware, data breaches, and cyberattacks top the list of concerns, cited by 68% of agencies as the greatest threat to their success.

Analyst 207
Laptop and smartphone with blurred interfaces sit on a desk in a bright office space surrounded by paperwork.

Zapier Fixes Bug Chain That Exposed Millions to Account Takeover Risk

A security firm recently uncovered a chain of five weaknesses in popular workflow automation service Zapier that could have put millions of users at risk of account takeover - and thankfully, the issue has now been fixed. The vulnerabilities were surprisingly easy to exploit, requiring only a free Zapier account to potentially gain unauthorized access to user accounts.

Analyst 207
Exposure Management Shields Against Lurking Vulnerabilities

Exposure Management Shields Against Lurking Vulnerabilities

Don't let a single vulnerability be the Death Star of your defense - even the strongest systems can be undermined by a shared insider weakness. Start with asset discovery to proactively manage exposure and shield against lurking threats.

Analyst 207
Security analysts work together in a brightly-lit operations center surrounded by multiple data screens and monitors.

SIEM Helps MSPs Filter Out Noise, Accelerate Threat Detection

MSPs are drowning in a sea of security alerts, but the real challenge is cutting through the noise to identify genuine threats. When endpoint, identity, cloud, and network sensors operate in isolation, duplicate alerts and blind spots create an incomplete picture, making it tough to prioritize and respond to potential threats.

Analyst 207
Windows desktop and laptop setup with blurred screen, featuring a subtle security symbol.

Microsoft Opposes Public Zero-Day Disclosures, Cites Customer Risk

Microsoft is speaking out against public zero-day disclosures, warning that revealing vulnerabilities without prior notice can put customers at unnecessary risk. The tech giant is urging researchers to adopt Coordinated Vulnerability Disclosure, sharing findings with affected vendors before going public.

Analyst 207
Empty conference room with podium, rows of chairs, and laptops on tables.

Microsoft Decries Uncoordinated Zero-Day Disclosures

Microsoft slammed researchers who publicly revealed six zero-day vulnerabilities without giving the company a heads-up, putting customers at unnecessary risk. The tech giant named and shamed the flaws, including privilege escalation vulnerabilities in Microsoft Defender and a security feature bypass vulnerability in Windows BitLocker.

Analyst 207
Modern office setting with employees working at desks, focus on blurred laptop screen.

Enterprise AI Risk Concentrated Among Small Group of Power Users

Meet the AI power users: a small but mighty 5% of enterprise employees who are generating a whopping 144 conversations or more with AI tools, creating a concentrated risk that demands attention. These super-users are producing far more intense interactions, with 18 prompts per conversation compared to just 2.

Analyst 207
Podium stands at center of Bletchley Park gathering, with blurred audience and subtle tech hints in background.

GCHQ Chief Warns UK Businesses to Bolster Cyber Defenses as AI Reshapes Threats

Protecting your systems is now a front-line defence for our nation, economy, and way of life - it's time for UK businesses to treat cybersecurity as a national defence priority, not just an IT issue. With AI-driven threats evolving rapidly, the window to bolster your cyber defences is narrowing.

Analyst 207
Business professionals in a meeting with a cityscape background and a person reviewing data on a laptop.

Cybersecurity Pros Prefer CISOs With Live Attack Response Experience

When it comes to cybersecurity leadership, professionals trust those who have been battle-tested, with 75% believing that experience in live attack response boosts a leader's credibility. Hands-on experience navigating high-pressure incidents gives leaders a unique perspective, composure, and trustworthiness.

Analyst 207
Laptop screen displays file share interface on a plain surface in a corporate office setting.

CEO's File Share Mishap Exposes Workplace Security Lapses

Imagine being called in to help a CEO recover deleted files, only to discover a shocking secret: a treasure trove of explicit content stored on a company file share that's accessible to anyone. The awkward moment that followed will leave you cringing - and wondering how something so sensitive could be so carelessly exposed.

Analyst 207
Venture Capital Targets Cybersecurity's Elusive Prime

Venture Capital Targets Cybersecurity's Elusive Prime

Venture capital is swooping in to shake up the cybersecurity scene, now that barriers to entry have crumbled, but the million-dollar question remains: will this influx of cash spawn a new generation of market leaders? The industry is holding its breath, waiting to see which defensive cyber startups will rise to the top and dominate the landscape.

Analyst 207
OpenAI Bolsters Cybersecurity, Election Integrity with 2026 Midterm Safeguards

OpenAI Bolsters Cybersecurity, Election Integrity with 2026 Midterm Safeguards

OpenAI is stepping up its game to safeguard the 2026 midterm elections with a robust five-part plan to combat AI-driven interference and bolster cybersecurity. The company is committed to protecting digital infrastructure and promoting election integrity by spreading reliable information, watermarking deepfakes, and more.

Analyst 207
Employees work at desks with laptops and smartphones, surrounded by papers and office supplies, with blurred software…

Managing Shadow AI Tools Requires a Proactive Security Approach

Employees are now using three to five AI tools daily, outpacing the controls in place to manage them, and creating a growing security gap that's hard to ignore. This surge in shadow AI tools is fueled by three key areas: OAuth connections, browser extensions, and bundled AI.

Analyst 207
Executives in a conference room show concern, with a subtle network diagram in the background.

Executives' Blind Spot: Shadow AI Use Exposes Security Risks

Most organizations have a blind spot when it comes to AI usage, leaving them vulnerable to security risks - and the truth is, you can't protect what you can't see. A recent study by Okta and Apprize360 found that shadow AI use is rampant, exposing companies to potential breaches, data exposures, and system disruptions.

Analyst 207
Exhausted cyber professional sits at cluttered desk surrounded by empty coffee cups.

Cybersecurity Burnout Spurs Call for Risk-Based Response

Half of all cyber professionals are burning out weekly or daily - it's time for organizations to shift their approach and view burnout as a critical operational risk, rather than just a wellness issue. By reframing burnout in this way, businesses can prioritize effective solutions and safeguard their cyber resilience.

Analyst 207
Security professionals monitor threat detection interface in a brightly-lit operations center.

SOCs Shut Down Incident Risks with Proactive Threat Detection

Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

Analyst 207
IT professional urgently working on laptop amidst computer equipment.

India's CERT-In Urges 12-Hour Patch Deadline for Exploited Vulnerabilities

CERT-In is urging organizations to act fast - patch, mitigate, or remove exposure to exploited vulnerabilities within 12 hours for internet-facing and high-priority systems. This strict deadline aims to minimize risk and protect critical assets from potential attacks.

Analyst 207
Person sitting at desk with laptop, surrounded by papers, thoughtfully typing or reading in quiet office setting.

Strengthening Active Directory Password Rules Without Frustrating Users

Want to boost your Active Directory password security without driving users crazy? Ditch outdated complexity rules and switch to passphrases - longer, multi-word passwords that are easier to remember and harder for hackers to crack.

Analyst 207
Researcher sits at desk with laptop and notepad in empty, brightly-lit office.

Researchers Warn of LLM Guardrail Vulnerability to Multi-Turn Manipulation

Beware: even the toughest-sounding safety guardrails on large language models can be easily bypassed by clever attackers who use multi-turn conversations to manipulate them. Cisco researchers found that none of the models they tested were completely safe from this type of exploitation.

Analyst 207