Cybersecurity
General cybersecurity news and analysis

Measuring AI Security Effectiveness Proves Elusive
Measuring AI security effectiveness is a complex challenge that can't be reduced to a single score or benchmark. Relying on benchmarks alone simply doesn't work when it comes to safeguarding AI systems.

Check Point Targets AI Trust Gap with Deepchecks Acquisition
Check Point is bridging the AI trust gap with its acquisition of Deepchecks, gaining cutting-edge model validation capabilities to help organizations ensure the reliability and accuracy of their AI-driven actions. This strategic move enables businesses to effectively test, evaluate, and monitor machine learning systems and mitigate operational risks associated with generative AI.

Claude AI Exposes Unaddressed Vulnerability in Sandbox Environment
A recent report by The Register revealed that a significant vulnerability in the Claude AI sandbox environment went unaddressed, leaving users exposed to potential risks. The issue was quietly fixed without a public disclosure or CVE assignment, sparking concerns about transparency in AI security.

Microsoft Bolsters AI Security with Open-Source RAMPART and Clarity Tools
Microsoft's new open-source tools, RAMPART and Clarity, empower product managers and engineers to stress-test AI security assumptions early on, saving months of potential rework and costly mistakes. With RAMPART, developers can write and run safety tests to identify vulnerabilities in AI agents, covering both adversarial and benign threats.

Enterprises Unprepared for Agent AI Risks as Identity Gaps Persist
Enterprises are rolling out Agent AI at scale, but a staggering 57% of identity elements remain unseen and unmanaged, leaving them woefully unprepared for the risks that come with it. This "identity dark matter" now outweighs visible, centrally managed elements, threatening to expose businesses to devastating consequences.

ExifTool Flaw Exposes Macs to Arbitrary Command Execution
A newly discovered vulnerability in ExifTool, known as CVE-2026-3102, left Macs open to hackers who could exploit it to run malicious commands by hiding them in image metadata. This flaw allowed attackers to take control by slipping instructions into seemingly harmless image files.

Bolstering AI Resilience Across Cloud and Data Environments
As AI agents and copilots increasingly access, share, and store enterprise data, organisations in Australia and New Zealand face a pressing question: can they keep their data secure and recoverable in this new landscape? The integration of agentic AI and copilots is expanding data pathways, creating new operational risks that demand attention to visibility, protection, and recovery readiness.

Device Security Must Complement Identity to Thwart Modern Threats
Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.

Drupal Rushes Security Fix to Plug High-Risk Bug
Drupal is rushing out a critical security update today to fix a high-risk bug that could be exploited by hackers within hours of the patch being released. The update is a core security release aimed at plugging a vulnerability that poses a significant threat to users.

Exploit Released for PinTheft Linux Flaw
A critical Linux flaw, dubbed PinTheft, has been exploited, allowing local attackers to gain root privileges on affected systems through a complex vulnerability in the Reliable Datagram Sockets (RDS) code. This security gap can be triggered by a specific interaction between RDS zerocopy and io_uring fixed buffers.

Microsoft Mitigates YellowKey BitLocker Bypass Exploit with New Guidance
Microsoft has stepped in to squash a newly revealed BitLocker bypass exploit, dubbed YellowKey, by releasing crucial guidance to protect users from potential attacks. This security move comes after a researcher demonstrated how the exploit could spawn a shell with unrestricted access to sensitive data.

Vulnerability Exploits Overtake Credentials as Top Breach Entry Point
For the first time in nearly two decades, exploiting vulnerabilities has surpassed compromised credentials as the top breach entry point, accounting for 31% of data breaches over the past year. This significant shift suggests that threat actors are adapting their tactics, and defenders must follow suit.

Microsoft Discloses Mitigations for YellowKey Windows Zero-Day Vulnerability
Microsoft has issued urgent guidance to mitigate a newly publicized Windows zero-day vulnerability, dubbed YellowKey, which could allow attackers to bypass security features. The tech giant is working on a fix, but in the meantime, it's urging users to follow its interim guidance to stay protected.

Cryptologist's Legacy Reveals Tech's Limits
Meet the cryptographer's mantra that's shaking up tech: if you think cryptography is a silver bullet, you might be missing the point of both the problem and the solution. This timeless wisdom, coined by Roger Needham and echoed by artists like Laurie Anderson, is a powerful reminder of the limits of tech.

Axonius Expands Asset Management to Intelligence Platform
Axonius is taking asset management to the next level by transforming it into a powerful intelligence platform that not only provides complete visibility across all asset classes, but also enables businesses to take action with automated orchestration capabilities. Under CEO Joe Diamond's strategic leadership, the company is revolutionizing the way organizations manage and leverage their assets.

AI Adoption Exposes Identity Security Blind Spots
As organizations rapidly adopt AI, they're unwittingly creating a surge in non-human identities - like AI agents and machine identities - that are outpacing their ability to manage and secure them, leaving them vulnerable to new security risks. This blind spot is exposing companies to excessive privileges, unmanaged access, and orphaned accounts, threatening their security, compliance, and operations.

Europe Bolsters Defenses Against AI-Powered Cyberattacks
The European Commission is proactively bolstering its defenses against AI-powered cyberattacks, with Vice President Henna Virkkunen pledging to ramp up preparedness and unveil a list of concrete actions in the coming weeks. The commission is considering activating the EU Cybersecurity Reserve to stay ahead of emerging threats.

Discord Deploys End-to-End Encryption on Voice, Video Calls
Big news for Discord users: the platform has just rolled out end-to-end encryption for all voice and video calls by default, giving you an extra layer of security and peace of mind when chatting with friends or colleagues. This major update is powered by the innovative DAVE protocol, designed to keep your conversations private and secure.

Drupal Warns of Highly Critical Vulnerability Requiring Immediate Patch
Drupal is warning of a highly critical vulnerability that requires immediate attention, urging site operators to clear their calendars for a crucial patch rollout on Wednesday, May 20, between 1700 and 2100 UTC. Exploits could be developed within hours or days, making swift action essential to protect your site.

OpenClaw Flaw Enables Hackers to Hijack AI Agents
A newly discovered flaw in OpenClaw, dubbed the Claw Chain, allows hackers to hijack AI agents and use their privileges to gain persistent control of an environment. By exploiting this vulnerability, attackers can escalate privileges, access sensitive data, and maintain a foothold within the system.

Vulnerabilities Dwindle to Manageable Number in Supply Chain Risk Landscape
The good news on supply chain risk: out of 1,200 high-priority vulnerabilities in 2025, only 58 proved both highly exposed and easily exploitable, making them a manageable threat. By focusing on these urgent few, organizations can tackle their most immediate and impactful risks.

AI Models Force Government to Rethink Cybersecurity Risks
The government's approach to cybersecurity is at a critical reflection point, thanks to advanced AI models like Anthropic's Mythos, which present both risks and opportunities for agencies handling sensitive information. Collaboration between the government and vendors is crucial to navigate this new landscape.

Microsoft Revamps Windows 11 Driver Strategy to Bolster Quality
Microsoft is shaking up its Windows 11 driver strategy with a new Driver Quality Initiative, aiming to elevate the quality of drivers and ensure customers enjoy reliable, secure, and high-performance devices. By targeting key areas, Microsoft hopes to transform the driver experience and prevent frustrating device problems.

Drupal Users Face Urgent Patch Deadline
Drupal users, take note: a highly critical core patch is coming and it's essential to act fast to secure your site. Get ready to install the update ASAP to avoid potential risks.