Cybersecurity
General cybersecurity news and analysis

Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin
In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a Microsoft SharePoint hack.

UK Regulators Warn Financial Firms on Frontier AI Cybersecurity Risks
UK regulators are sounding the alarm: as frontier AI models advance, financial firms must urgently bolster their cyber defences to avoid catastrophic threats to safety, customers, and financial stability. The warning comes as AI capabilities increasingly outpace human expertise, offering malicious actors unprecedented speed, scale, and low-cost opportunities to wreak havoc.

Microsoft Windows 11 Update Fails to Install Due to EFI Space Issue
Struggling with a frustrating update fail? The latest Windows 11 security update may not install on your device due to a sneaky space issue on the EFI System Partition, causing error code 0x800f0922 and an automatic rollback.

DirtyDecrypt Flaw Exposes Linux Systems to Root Access Risk
A newly patched Linux kernel flaw, dubbed DirtyDecrypt, has been exposed through a public proof-of-concept exploit that can grant root access to vulnerable systems. This critical vulnerability was recently patched, but a public exploit is now available, putting Linux systems at risk.

Security Researchers Exploit 47 Zero-Days for $1.3 Million at Pwn2Own Berlin
In a stunning display of cybersecurity prowess, researchers at Pwn2Own Berlin 2026 exploited a whopping 47 zero-day flaws, raking in a total of $1.3 million in just three days. The competition saw contestants disclose and exploit vulnerabilities in top enterprise and AI-facing products, earning daily payouts of $523,000, $385,750, and $389,500.

AI-Powered Bug Hunters Overwhelm Linux Security List
If you're using AI tools to find bugs, make sure to go the extra mile by creating a patch and adding real value to your report, rather than just sending a superficial notice. Don't be a drive-by reporter - take the time to understand the issue and contribute meaningfully.

Microsoft Disputes Azure Vulnerability Report, Silent Patch Issued
Security researcher Justin O'Leary claims a critical flaw in Azure Backup for AKS could let users with zero Kubernetes permissions gain full cluster administration, but Microsoft disputes the finding. The tech giant quietly issued a patch without acknowledging the vulnerability.

SecurityScorecard Bolsters Internet Visibility with Driftnet Acquisition
SecurityScorecard has acquired Driftnet, an internet scanning startup, to supercharge its third-party risk management capabilities with deeper, real-time visibility into internet infrastructure and hidden exposures. This strategic move allows SecurityScorecard to directly control data quality and drive future innovation in AI security.

Zero-Knowledge Proofs Evolve to Bypass Age-Verification Checks
As the digital landscape continues to shift, it's only a matter of time before you'll have to face the music - and the cameras - when it comes to age verification checks. But what's really behind these on-camera checks: protecting kids or creating a way for governments to control access to online platforms?

Microsoft Unveils 100-Agent AI System for Advanced Bug Hunting
Microsoft has just unveiled MDASH, a game-changing AI system that leverages 100 specialized agents to supercharge bug hunting and vulnerability discovery. This cutting-edge technology combines multiple AI models to outperform traditional single-model approaches, giving enterprises a powerful new defense against cyber threats.

Hackers Disrupt Microsoft Exchange, Windows 11 at Pwn2Own Contest
Security researchers just scored big at Pwn2Own Berlin 2026, raking in $385,750 for exploiting 15 zero-day vulnerabilities in top tech targets like Microsoft Exchange and Windows 11. The contest, running from May 14-16, offers up to $1 million in prizes for hacking the latest enterprise technologies.

OpenClaw Flaws Expose Data, Enable Privilege Escalation
A chain of four vulnerabilities, dubbed Claw Chain, in OpenClaw can be exploited to turn an agent into a powerful tool for attackers, allowing them to extract sensitive data, escalate privileges, and plant backdoors for long-term access. This flaw chain enables adversaries to gain a foothold, move undetected, and wreak havoc on an OpenClaw-managed environment.

Avada Builder Flaws Expose WordPress Sites to Credential Theft
A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

Microsoft Alters Edge to Mitigate Password Exposure Risk
Microsoft is taking a major step to boost password security in its Edge browser, rolling out a defense-in-depth change to mitigate the risk of password exposure. This update will be applied across all supported Edge versions, prioritizing a swift rollout to protect users.

Autonomous AI Exposes Gaps in Enterprise Resilience Plans
As organizations deploy autonomous AI, they're exposing gaps in their resilience plans, putting business continuity at risk and creating new operational and infrastructure challenges for IT teams to navigate. Traditional security and recovery models are ill-equipped to handle the machine-speed, dynamic environments that autonomous AI creates.

Autonomous AI Exposes Governance Gaps in Enterprise Security
As autonomous AI revolutionizes enterprise security, it's also revealing alarming governance gaps that can leave organizations in highly regulated environments exposed to unprecedented risks. The rapid adoption of autonomous AI is creating a trust gap, where innovation outpaces control, and novel risks to visibility, control, and regulatory compliance are emerging.

Enterprises Lag in AI-Agent Risk Mitigation Despite Funding
Most enterprise leaders are bracing for a major security breach or fraud incident driven by AI agents within the next year, yet their organizations are woefully unprepared to mitigate the risks. A recent survey of 300 security leaders reveals a stark gap between threat awareness and adequate safeguards.

Wireless Vulnerabilities Skyrocket, Outpacing Traditional Threats
The number of wireless vulnerabilities has skyrocketed, with a staggering 937 new threats discovered in 2025 alone - that's 2.5 new vulnerabilities every day. This represents a 60% increase since the start of 2024, and a growth rate that's 20 times faster than traditional threats over the last 15 years.

Bitdefender Exposes Hidden Attack Surface in Trusted Tools
Did you know that 84% of high-severity incidents involve the abuse of trusted tools, making them nearly invisible to traditional security measures? This shocking statistic highlights the alarming ease with which attackers can hide in plain sight, using legitimate tools against you.

Microsoft Introduces Automated Windows Driver Rollback Feature
Microsoft's new Cloud-Initiated Driver Recovery feature lets them swiftly roll back faulty Windows drivers, so you don't have to - no more manual uninstalls or waiting for an updated driver from the hardware partner. This means your device can quickly get back on track with a reliable driver.

US Cyber Official Warns of AI-Driven Identity Security Risks
As AI-driven threats evolve, securing identities is more crucial than ever - in fact, a top US cyber official warns that controlling who and what gets onto a network is now our first line of defense. By prioritizing identity security, we can prevent attackers from exploiting vulnerabilities and gaining a foothold in our systems.

Federal Leaders Modernize Networks to Bolster Security and Scale
Federal leaders are on a critical mission to modernize their networks, and it's a challenge that requires constant momentum and adaptability in a high-pressure, global landscape. By upgrading their IT infrastructure, they're working to achieve a crucial goal: delivering secure, seamless connectivity that can keep pace with their dynamic needs.

Generative AI Exposes Software Vulnerabilities at Scale
Generative AI is rapidly advancing and can now efficiently uncover and exploit software vulnerabilities, prompting companies like Anthropic to carefully manage their powerful models. Anthropic's recent decision to limit access to its Claude Mythos Preview model to a select group of companies highlights the potential risks and costs associated with these cutting-edge AI systems.

US Lawmakers Urge Action on AI-Discovered Vulnerabilities
Thirty-five US lawmakers are urging the White House to create a plan to manage the impending flood of AI-discovered vulnerabilities, seeking a framework to handle security flaws exposed by advanced AI models. They want federal agencies and private-sector leaders to collaborate on strategies to tackle this emerging challenge.