Cybersecurity
General cybersecurity news and analysis

AI Models Force Government to Rethink Cybersecurity Risks
The government's approach to cybersecurity is at a critical reflection point, thanks to advanced AI models like Anthropic's Mythos, which present both risks and opportunities for agencies handling sensitive information. Collaboration between the government and vendors is crucial to navigate this new landscape.

Microsoft Revamps Windows 11 Driver Strategy to Bolster Quality
Microsoft is shaking up its Windows 11 driver strategy with a new Driver Quality Initiative, aiming to elevate the quality of drivers and ensure customers enjoy reliable, secure, and high-performance devices. By targeting key areas, Microsoft hopes to transform the driver experience and prevent frustrating device problems.

Drupal Users Face Urgent Patch Deadline
Drupal users, take note: a highly critical core patch is coming and it's essential to act fast to secure your site. Get ready to install the update ASAP to avoid potential risks.

Microsoft Teams Hit by macOS Update Glitch
If you're a macOS user of Microsoft Teams, you might have encountered a frustrating glitch - a location-permission dialog that just won't go away, no matter how many times you click "Don't Allow". This annoying issue started surfacing on May 11, with some users reporting they had to click "Don't Allow" up to 20 times in a row.

Linux Kernel Faces New Exploit for DirtyDecrypt Vulnerability
A new exploit has been discovered for the DirtyDecrypt vulnerability in the Linux Kernel, allowing for a potentially devastating rxgk pagecache write due to a missing copy-on-write guard. This flaw, tracked as CVE-2026-31635, has a CVSS score of 7.5 and was recently patched after being reported by security researchers.

Torq Bolsters AI-Powered Security with Jit Context Graph Acquisition
Torq supercharges its AI-powered security with the acquisition of Jit's innovative context graph technology, enabling real-time understanding of business relationships between assets and alerts. This game-changing integration helps Torq deliver smarter, more effective security solutions.

Microsoft Vulnerabilities Spike in Critical Areas
A single critical flaw, like CVE-2025-55241, can give attackers unrestricted access to any tenant, highlighting the alarming rise in critical Microsoft vulnerabilities, which doubled in 2025 despite a stable overall number of vulnerabilities. This sharp increase in high-impact weaknesses demands attention and action.

Drupal Warns of Imminent Core Security Updates, Urges Site Prep
Drupal is warning site owners to prepare for imminent core security updates, urging them to reserve time on May 20, 2026, between 5-9 p.m. UTC, to apply crucial patches and protect against potential exploits. Don't miss this window to safeguard your site and stay ahead of potential threats!

AI-Powered Tools Elevate Vulnerability Detection, Pressing Secure-by-Design Mandate
With AI-powered tools, companies can now instantly detect and fix software vulnerabilities, making ignorance a thing of the past when it comes to cybersecurity. As Hans de Vries of ENISA notes, this shift makes a secure-by-design approach not just best practice, but a pressing mandate.

SEPPMail Gateway Vulnerabilities Expose Remote Code Execution Risk
Critical vulnerabilities in SEPPMail's Secure E-Mail Gateway could allow hackers to read all mail traffic, gain entry into internal networks, and even execute remote code - putting your entire system at risk. These flaws could have devastating consequences, from data breaches to full-scale system compromise.

Microsoft Disables Windows Updates in Restricted Networks
If you've installed the January 2026 optional non-security preview updates on a restricted Windows network, you might face update failures - a frustrating issue that could leave your system vulnerable. Specifically, affected devices may still download February's security update, but then get stuck, unable to receive crucial updates from March onwards.

AI Agents Expose Blind Spots in APAC Enterprise Security
Attackers are now targeting AI agents embedded within APAC enterprises, exploiting weaknesses in non-human identities to gain access to sensitive systems, data, and workflows. This emerging threat highlights a significant blind spot in enterprise security, one that's ripe for exploitation by malicious actors.

AI-Powered Bug Reports Overwhelm Security Teams
GitHub is overhauling its bug report system after being inundated with AI-generated submissions that are often incomplete, unrealistic, or redundant, making it tough for security teams to keep up. The platform is tightening its definition of a "complete" bug report to help separate signal from noise.

Satellites Become New Frontier in Cyberwarfare
As the space and cyber domains converge, the harsh reality is that traditional cybersecurity tools are woefully unprepared for the unique challenges of protecting satellites in orbit. Conventional defenses falter in space, where satellites operate on diverse, limited platforms, demanding reliable security solutions that can thrive in extreme conditions.

AI Tools Expose Healthcare to Rising Cyber Risk
The healthcare sector faces a rising cyber risk with the emergence of advanced AI tools like Anthropic's Claude Mythos, which could exponentially speed up vulnerability detection and exploitation. A leak of this powerful technology could create a force multiplier for cybercriminals, putting healthcare CISOs and security teams on high alert.

Managing Shadow AI Tools Requires Proactive Security Measures
Employees are quietly embracing AI tools to boost productivity, with 80% using unapproved generative AI applications at work - but only 12% of companies have a formal policy in place to manage this growing trend. This creates a shadow AI gap that leaves organizations vulnerable to security risks.

Linux Flaw Exposes Root Files to Unprivileged Users
A critical flaw in the Linux kernel has been discovered, allowing unprivileged users to access files that should be restricted to root accounts, putting system security at risk. This bug puts a spotlight on the importance of kernel access controls for system operators and users who rely on them.

Infosecurity Europe Spotlights Cyber Startups
Get ready to witness the future of cybersecurity as five innovative startups take the stage at Infosecurity Europe 2026 to pitch their game-changing ideas and compete for a coveted prize package. The event will also feature a dedicated Cyber Startups Zone, where you can discover the latest solutions and meet the minds behind them.

Phishing Attacks Expose Gaps in Early Detection
In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

Poland Shifts Officials to State Messaging App Citing Security Concerns
Poland is swapping out Signal for a state-developed messaging app touted as more secure, amid rising concerns over targeted social engineering attacks on government officials. The move marks a significant shift in how officials communicate, prioritizing security over popular choice.

Major Vendors Patch Critical Flaws Amid Cyber Threat Surge
A critical flaw in Ivanti Xtraction, tracked as CVE-2026-8043, allows remote attackers to read sensitive files and launch client-side attacks - but fortunately, patches are now available to fix this high-risk vulnerability.

Microsoft Enhances Windows 11 with Customizable Taskbar, Start Menu
Get ready to take control of your Windows 11 experience with the latest update, featuring a customizable taskbar that can be moved to the top, sides, or bottom of your screen. You can also resize it to use smaller buttons, giving you more vertical space for your favorite apps.

Mozilla Warns UK Against Breaking VPNs
Mozilla warns the UK that cracking down on VPNs won't solve the country's age-check conundrum, as these essential security tools are not a teenage loophole, but a vital part of online protection. By breaking VPNs, the UK risks undermining online security for all users.

Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin
In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a Microsoft SharePoint hack.