Cybersecurity
General cybersecurity news and analysis

Exploiting Windows Drivers Without Hardware: The BYOVD Perspective
Discover how attackers can exploit Windows drivers without hardware, turning kernel-mode driver bugs into powerful tools to bypass security controls. The Atos Threat Research Center reveals a game-changing method to manipulate reachability from userland on Windows 11 23H2.

Ubiquiti Fixes Maximum-Severity UniFi OS Flaws
Ubiquiti has patched three critical vulnerabilities in UniFi OS that left nearly 100,000 Internet-exposed endpoints, including 50,000 in the US, open to remote attacks without requiring login credentials. The fixes address severe flaws that could allow unauthorized system changes, file access, and even command injection.

Apple Thwarts $2.2bn in App Store Fraud with AI-Driven Defenses
Apple's AI-powered defenses have successfully blocked a whopping $2.2 billion in App Store fraud over the past year, and a staggering $11.2 billion over six years, protecting consumers and businesses from malicious actors.

Cisco Tests AI for Incident Reports, Finds Mixed Results
Cisco's experiment with AI-generated incident reports yielded mixed results, with large language models producing significant inaccuracies, unusual conclusions, and inconsistent writing styles when used for long-form technical content. The findings revealed four predictable failure modes, highlighting the need for guardrails to ensure reliable outcomes.

Cisco Fixes API Flaw Enabling Unauth Data Access
Cisco has patched a critical API flaw that allowed hackers to access sensitive data without authentication, potentially leading to configuration changes with admin-level privileges. This vulnerability, tracked as CVE-2026-20223, highlights the importance of robust API security measures to prevent devastating breaches.

CISA Warns of Open-Source Vulnerabilities Amid Delayed Security Improvements
The open-source community's rapid vulnerability discovery is a pressing concern, with the tempo of exploitation accelerating and straining traditional defensive practices, according to CISA's acting director Nick Andersen. He warns that this situation will require hard security decisions to mitigate the risks to federal and private networks.

macOS Exploit Enables Kernel Memory Corruption
A newly discovered macOS exploit has raised concerns about potential kernel memory corruption, but details on the vulnerability and how to protect yourself are scarce. A cryptic post claims to offer more information, but be cautious of explicit threats from the user behind the handle @ALFDAD.

Google API Keys Remain Usable for 23 Minutes After Deletion
Deleting a Google API key doesn't mean it's immediately useless to hackers - in fact, our experiments show it can remain active for up to 23 minutes, allowing attackers to continue misusing it even after you've tried to revoke access.

HackerOne Slashes Bug Bounty Rewards Amid AI-Driven Report Surge
HackerOne's Internet Bug Bounty program has slashed payouts, with medium-severity vulnerabilities now earning just $297, down from $1,843, and critical ones fetching $2,257, down from $9,250. The program is currently on pause as the company retools its rewards structure.

Apple Foils $11 Billion in App Store Fraud Over Six Years
Apple's vigilant efforts have paid off, blocking a whopping $11 billion in App Store fraud over the past six years, with a staggering $2.2 billion foiled in 2025 alone. The tech giant's winning combination of human review and cutting-edge tech has kept scammers at bay.

Cisco Secure Workload Flaw Exposes Site Admin Privileges
A critical vulnerability in Cisco Secure Workload, known as CVE-2026-20223, allows hackers to gain Site Admin privileges without authentication, putting sensitive information and configuration changes at risk. Cisco has warned of this maximum-severity flaw and advised on remediation steps.

Cyber Confidence Erodes as Readiness Paradox Grows
Most organizations claim they're confident in their ability to tackle cyberwarfare and AI-driven threats, but their actions tell a different story - with many admitting to lacking the budget and resources to back up their boasts. This alarming gap between confidence and capability is what we call the Cyber Readiness Paradox.

Linux Rootkits Persist in Updated Forms
A single misstep with an over-privileged or poorly designed agent can quickly spiral into a serious incident, making the UK National Cyber Security Centre's warning feel alarmingly relevant. This urgency was underscored at Pwn2Own Berlin, where researchers exploited 47 zero-day flaws, raking in over $1.2 million in rewards.

Vulnerability Exploitation Surpasses Credentials as Top Breach Entry Point
The latest Verizon Data Breach Investigations Report reveals a significant shift in how breaches occur: vulnerability exploitation now accounts for 31% of breaches, surpassing stolen credentials as the top entry point for hackers. Ransomware remains a major threat, involved in nearly half of all breaches.

Vulnerable Code Proliferates as AI Exploits Rise in Supply Chains
The alarming truth is that 75% of organizations are knowingly shipping vulnerable code, despite the risks, with the window from disclosure to exploit shrinking dramatically from 840 days in 2018 to just under two days today. This trend is expected to accelerate, with exploits potentially available in as little as one minute by 2028.

Linux Flaw Exposes SSH Keys, Password Hashes
A critical nine-year-old flaw in the Linux kernel, known as CVE-2026-46333, allows everyday users to access highly sensitive data, including SSH private keys and system password hashes, on popular Linux distributions. Fortunately, patches and updates are available to fix this vulnerability.

Identity Exposures Form Highways for Cyber Attacks
A single compromised identity can become a superhighway for cyber attacks, giving hackers access to nearly every critical workload a business relies on - as seen in a recent incident where a cached AWS access key on one Windows machine put 98% of the company's cloud environment at risk. Identity has become the ultimate attack path, carrying with it a multitude of permissions just waiting to be exploited.

Flipper Devices Seeks Community Help to Build Open Linux Platform
Join the mission to revolutionize hardware experimentation with Flipper Devices' new Linux platform, Flipper One, a high-performance tool for networking, AI, and radio analysis that's getting a boost from community collaboration. By pooling their expertise, the community can help bring this game-changing platform to life.

Linux Flaw Enables Root Command Execution on Major Distros
A newly discovered Linux flaw, tracked as CVE-2026-46333, allows hackers to easily gain root access on major distributions, putting countless systems at risk. This nine-year-old vulnerability, just recently exposed, is a wake-up call for Linux users everywhere.

Drupal Flaw Exposes PostgreSQL Sites to Remote Code Execution Attacks
A vulnerability in Drupal Core's database abstraction API leaves PostgreSQL sites open to devastating SQL injection attacks, allowing hackers to send malicious requests and wreak havoc. This highly critical flaw, tracked as CVE-2026-9082, has been patched with urgent security updates.

Microsoft Unveils AI-Powered Red Teaming Tools to Bolster Software Security
Microsoft is shifting the conversation around AI safety from philosophical debates to hands-on action, empowering developers to build more secure software with innovative tools. With the launch of Rampart, a cutting-edge red-teaming tool, the company is putting AI-powered security into practice, helping developers proactively identify and fix vulnerabilities.

Federal Agencies Face New Security Tests in AI Procurement
When it comes to AI procurement, federal agencies must prioritize cybersecurity over speed to avoid potentially disastrous consequences, especially when AI systems are tied to critical infrastructure. Compromising on security can have far-reaching and devastating impacts.

Measuring AI Security Effectiveness Proves Elusive
Measuring AI security effectiveness is a complex challenge that can't be reduced to a single score or benchmark. Relying on benchmarks alone simply doesn't work when it comes to safeguarding AI systems.

Check Point Targets AI Trust Gap with Deepchecks Acquisition
Check Point is bridging the AI trust gap with its acquisition of Deepchecks, gaining cutting-edge model validation capabilities to help organizations ensure the reliability and accuracy of their AI-driven actions. This strategic move enables businesses to effectively test, evaluate, and monitor machine learning systems and mitigate operational risks associated with generative AI.