Skip to main content

Cybersecurity

General cybersecurity news and analysis

Researcher in lab setting interacts with complex AI technology setup.

Measuring AI Security Effectiveness Proves Elusive

Measuring AI security effectiveness is a complex challenge that can't be reduced to a single score or benchmark. Relying on benchmarks alone simply doesn't work when it comes to safeguarding AI systems.

Analyst 207
Modern lab interior with workstations, laptop, and scientific instruments.

Check Point Targets AI Trust Gap with Deepchecks Acquisition

Check Point is bridging the AI trust gap with its acquisition of Deepchecks, gaining cutting-edge model validation capabilities to help organizations ensure the reliability and accuracy of their AI-driven actions. This strategic move enables businesses to effectively test, evaluate, and monitor machine learning systems and mitigate operational risks associated with generative AI.

Analyst 207
A computer workstation with a blank laptop screen sits in a clean, neutral-colored environment.

Claude AI Exposes Unaddressed Vulnerability in Sandbox Environment

A recent report by The Register revealed that a significant vulnerability in the Claude AI sandbox environment went unaddressed, leaving users exposed to potential risks. The issue was quietly fixed without a public disclosure or CVE assignment, sparking concerns about transparency in AI security.

Analyst 207
Developer working on laptop surrounded by notes and diagrams in a collaborative workspace.

Microsoft Bolsters AI Security with Open-Source RAMPART and Clarity Tools

Microsoft's new open-source tools, RAMPART and Clarity, empower product managers and engineers to stress-test AI security assumptions early on, saving months of potential rework and costly mistakes. With RAMPART, developers can write and run safety tests to identify vulnerabilities in AI agents, covering both adversarial and benign threats.

Analyst 207
Dimly lit server room with rows of humming equipment, some areas shrouded in shadows.

Enterprises Unprepared for Agent AI Risks as Identity Gaps Persist

Enterprises are rolling out Agent AI at scale, but a staggering 57% of identity elements remain unseen and unmanaged, leaving them woefully unprepared for the risks that come with it. This "identity dark matter" now outweighs visible, centrally managed elements, threatening to expose businesses to devastating consequences.

Analyst 207
Cluttered home office desk with a Mac computer, papers, notebook, and pen.

ExifTool Flaw Exposes Macs to Arbitrary Command Execution

A newly discovered vulnerability in ExifTool, known as CVE-2026-3102, left Macs open to hackers who could exploit it to run malicious commands by hiding them in image metadata. This flaw allowed attackers to take control by slipping instructions into seemingly harmless image files.

Analyst 207
People in IT attire gathered around a touchscreen in a modern data center.

Bolstering AI Resilience Across Cloud and Data Environments

As AI agents and copilots increasingly access, share, and store enterprise data, organisations in Australia and New Zealand face a pressing question: can they keep their data secure and recoverable in this new landscape? The integration of agentic AI and copilots is expanding data pathways, creating new operational risks that demand attention to visibility, protection, and recovery readiness.

Analyst 207
Person interacting with laptop and smartphone at a cluttered desk.

Device Security Must Complement Identity to Thwart Modern Threats

Authentication is no longer enough to guarantee security - even with multi-factor authentication in place, phishing kits can capture session tokens, allowing attackers to bypass security checks undetected. As a result, device security must step up to complement identity and prevent modern threats.

Analyst 207
Laptop screen blurred, a software update is applied in a quiet, well-lit workspace.

Drupal Rushes Security Fix to Plug High-Risk Bug

Drupal is rushing out a critical security update today to fix a high-risk bug that could be exploited by hackers within hours of the patch being released. The update is a core security release aimed at plugging a vulnerability that poses a significant threat to users.

Analyst 207
A laptop screen displays lines of code in a modern server room setting.

Exploit Released for PinTheft Linux Flaw

A critical Linux flaw, dubbed PinTheft, has been exploited, allowing local attackers to gain root privileges on affected systems through a complex vulnerability in the Reliable Datagram Sockets (RDS) code. This security gap can be triggered by a specific interaction between RDS zerocopy and io_uring fixed buffers.

Analyst 207
Windows laptop on a clean surface with a blurred background and a note beside it.

Microsoft Mitigates YellowKey BitLocker Bypass Exploit with New Guidance

Microsoft has stepped in to squash a newly revealed BitLocker bypass exploit, dubbed YellowKey, by releasing crucial guidance to protect users from potential attacks. This security move comes after a researcher demonstrated how the exploit could spawn a shell with unrestricted access to sensitive data.

Analyst 207
Rows of equipment racks and patch panels in a modern network closet with a technician's workbench in the foreground.

Vulnerability Exploits Overtake Credentials as Top Breach Entry Point

For the first time in nearly two decades, exploiting vulnerabilities has surpassed compromised credentials as the top breach entry point, accounting for 31% of data breaches over the past year. This significant shift suggests that threat actors are adapting their tactics, and defenders must follow suit.

Analyst 207
Windows laptop screen on a desk in a modern office with a blurred interface displayed.

Microsoft Discloses Mitigations for YellowKey Windows Zero-Day Vulnerability

Microsoft has issued urgent guidance to mitigate a newly publicized Windows zero-day vulnerability, dubbed YellowKey, which could allow attackers to bypass security features. The tech giant is working on a fix, but in the meantime, it's urging users to follow its interim guidance to stay protected.

Analyst 207
Dimly-lit room with scattered papers, laptop, and illegible whiteboard scribbles.

Cryptologist's Legacy Reveals Tech's Limits

Meet the cryptographer's mantra that's shaking up tech: if you think cryptography is a silver bullet, you might be missing the point of both the problem and the solution. This timeless wisdom, coined by Roger Needham and echoed by artists like Laurie Anderson, is a powerful reminder of the limits of tech.

Analyst 207
Technician interacts with laptop amidst various devices on a neutral surface.

Axonius Expands Asset Management to Intelligence Platform

Axonius is taking asset management to the next level by transforming it into a powerful intelligence platform that not only provides complete visibility across all asset classes, but also enables businesses to take action with automated orchestration capabilities. Under CEO Joe Diamond's strategic leadership, the company is revolutionizing the way organizations manage and leverage their assets.

Analyst 207
Dimly lit server room with rows of humming servers and flickering screens, partially shrouded in shadow.

AI Adoption Exposes Identity Security Blind Spots

As organizations rapidly adopt AI, they're unwittingly creating a surge in non-human identities - like AI agents and machine identities - that are outpacing their ability to manage and secure them, leaving them vulnerable to new security risks. This blind spot is exposing companies to excessive privileges, unmanaged access, and orphaned accounts, threatening their security, compliance, and operations.

Analyst 207
European Commission Vice President speaks at a podium in a formal Parliament setting.

Europe Bolsters Defenses Against AI-Powered Cyberattacks

The European Commission is proactively bolstering its defenses against AI-powered cyberattacks, with Vice President Henna Virkkunen pledging to ramp up preparedness and unveil a list of concrete actions in the coming weeks. The commission is considering activating the EU Cybersecurity Reserve to stay ahead of emerging threats.

Analyst 207
Young adults gathered around a computer in a casual setting, engaged in conversation.

Discord Deploys End-to-End Encryption on Voice, Video Calls

Big news for Discord users: the platform has just rolled out end-to-end encryption for all voice and video calls by default, giving you an extra layer of security and peace of mind when chatting with friends or colleagues. This major update is powered by the innovative DAVE protocol, designed to keep your conversations private and secure.

Analyst 207
Developer urgently working on laptop with clock nearby, surrounded by notes.

Drupal Warns of Highly Critical Vulnerability Requiring Immediate Patch

Drupal is warning of a highly critical vulnerability that requires immediate attention, urging site operators to clear their calendars for a crucial patch rollout on Wednesday, May 20, between 1700 and 2100 UTC. Exploits could be developed within hours or days, making swift action essential to protect your site.

Analyst 207
Robotic arm in industrial control setting surrounded by machinery and control panels.

OpenClaw Flaw Enables Hackers to Hijack AI Agents

A newly discovered flaw in OpenClaw, dubbed the Claw Chain, allows hackers to hijack AI agents and use their privileges to gain persistent control of an environment. By exploiting this vulnerability, attackers can escalate privileges, access sensitive data, and maintain a foothold within the system.

Analyst 207
Risk analyst examines supply chain data on tablet in industrial setting.

Vulnerabilities Dwindle to Manageable Number in Supply Chain Risk Landscape

The good news on supply chain risk: out of 1,200 high-priority vulnerabilities in 2025, only 58 proved both highly exposed and easily exploitable, making them a manageable threat. By focusing on these urgent few, organizations can tackle their most immediate and impactful risks.

Analyst 207
Government panel discussion on stage with speakers and laptop in foreground.

AI Models Force Government to Rethink Cybersecurity Risks

The government's approach to cybersecurity is at a critical reflection point, thanks to advanced AI models like Anthropic's Mythos, which present both risks and opportunities for agencies handling sensitive information. Collaboration between the government and vendors is crucial to navigate this new landscape.

Analyst 207
Windows 11 laptop on a neutral surface with a blurred office background and an abstract on-screen display.

Microsoft Revamps Windows 11 Driver Strategy to Bolster Quality

Microsoft is shaking up its Windows 11 driver strategy with a new Driver Quality Initiative, aiming to elevate the quality of drivers and ensure customers enjoy reliable, secure, and high-performance devices. By targeting key areas, Microsoft hopes to transform the driver experience and prevent frustrating device problems.

Analyst 207
Laptop screen displays warning message amidst office workspace.

Drupal Users Face Urgent Patch Deadline

Drupal users, take note: a highly critical core patch is coming and it's essential to act fast to secure your site. Get ready to install the update ASAP to avoid potential risks.

Analyst 207