Skip to main content

Cybersecurity

General cybersecurity news and analysis

Security researchers gather around a large screen displaying code in a modern conference setting, symbolizing the discovery…

Security Researchers Uncover 47 Zero-Days at Pwn2Own Berlin

In a thrilling three-day competition, security researchers at Pwn2Own Berlin uncovered a staggering 47 zero-day vulnerabilities, raking in nearly $1.3 million in prize money, with the Devcore Research Team taking home a whopping $505,000. The top prizes included a $200,000 award for a VMware ESXi exploit and a $100,000 prize for a Microsoft SharePoint hack.

Analyst 207
Technicians in a dimly lit server room with rows of humming computer servers and storage systems.

UK Regulators Warn Financial Firms on Frontier AI Cybersecurity Risks

UK regulators are sounding the alarm: as frontier AI models advance, financial firms must urgently bolster their cyber defences to avoid catastrophic threats to safety, customers, and financial stability. The warning comes as AI capabilities increasingly outpace human expertise, offering malicious actors unprecedented speed, scale, and low-cost opportunities to wreak havoc.

Analyst 207
Laptop on cluttered desk with nearly full hard drive indicator and blank screen.

Microsoft Windows 11 Update Fails to Install Due to EFI Space Issue

Struggling with a frustrating update fail? The latest Windows 11 security update may not install on your device due to a sneaky space issue on the EFI System Partition, causing error code 0x800f0922 and an automatic rollback.

Analyst 207
Dimly lit server room with equipment and one glowing server screen.

DirtyDecrypt Flaw Exposes Linux Systems to Root Access Risk

A newly patched Linux kernel flaw, dubbed DirtyDecrypt, has been exposed through a public proof-of-concept exploit that can grant root access to vulnerable systems. This critical vulnerability was recently patched, but a public exploit is now available, putting Linux systems at risk.

Analyst 207
Security researchers work at computer stations in a brightly-lit conference setting.

Security Researchers Exploit 47 Zero-Days for $1.3 Million at Pwn2Own Berlin

In a stunning display of cybersecurity prowess, researchers at Pwn2Own Berlin 2026 exploited a whopping 47 zero-day flaws, raking in a total of $1.3 million in just three days. The competition saw contestants disclose and exploit vulnerabilities in top enterprise and AI-facing products, earning daily payouts of $523,000, $385,750, and $389,500.

Analyst 207
Person working at computer workstation surrounded by Linux notes and documentation.

AI-Powered Bug Hunters Overwhelm Linux Security List

If you're using AI tools to find bugs, make sure to go the extra mile by creating a patch and adding real value to your report, rather than just sending a superficial notice. Don't be a drive-by reporter - take the time to understand the issue and contribute meaningfully.

Analyst 207
Servers in a data center with cables, representing a secure cloud computing environment.

Microsoft Disputes Azure Vulnerability Report, Silent Patch Issued

Security researcher Justin O'Leary claims a critical flaw in Azure Backup for AKS could let users with zero Kubernetes permissions gain full cluster administration, but Microsoft disputes the finding. The tech giant quietly issued a patch without acknowledging the vulnerability.

Analyst 207
Network operations center with large screen displaying internet map and analysts at workstations.

SecurityScorecard Bolsters Internet Visibility with Driftnet Acquisition

SecurityScorecard has acquired Driftnet, an internet scanning startup, to supercharge its third-party risk management capabilities with deeper, real-time visibility into internet infrastructure and hidden exposures. This strategic move allows SecurityScorecard to directly control data quality and drive future innovation in AI security.

Analyst 207
Person in dim indoor setting with thoughtful expression, surrounded by blurred tech representations.

Zero-Knowledge Proofs Evolve to Bypass Age-Verification Checks

As the digital landscape continues to shift, it's only a matter of time before you'll have to face the music - and the cameras - when it comes to age verification checks. But what's really behind these on-camera checks: protecting kids or creating a way for governments to control access to online platforms?

Analyst 207
Researchers collaborate in a modern lab with AI equipment and large display screens showing code visualizations.

Microsoft Unveils 100-Agent AI System for Advanced Bug Hunting

Microsoft has just unveiled MDASH, a game-changing AI system that leverages 100 specialized agents to supercharge bug hunting and vulnerability discovery. This cutting-edge technology combines multiple AI models to outperform traditional single-model approaches, giving enterprises a powerful new defense against cyber threats.

Analyst 207
Brightly-lit conference room with rows of seating and a prominent stage.

Hackers Disrupt Microsoft Exchange, Windows 11 at Pwn2Own Contest

Security researchers just scored big at Pwn2Own Berlin 2026, raking in $385,750 for exploiting 15 zero-day vulnerabilities in top tech targets like Microsoft Exchange and Windows 11. The contest, running from May 14-16, offers up to $1 million in prizes for hacking the latest enterprise technologies.

Analyst 207
Laptop on a clean surface with a blurred screen, surrounded by ordinary indoor lighting.

OpenClaw Flaws Expose Data, Enable Privilege Escalation

A chain of four vulnerabilities, dubbed Claw Chain, in OpenClaw can be exploited to turn an agent into a powerful tool for attackers, allowing them to extract sensitive data, escalate privileges, and plant backdoors for long-term access. This flaw chain enables adversaries to gain a foothold, move undetected, and wreak havoc on an OpenClaw-managed environment.

Analyst 207
Web development workspace with laptop and coding materials on desk.

Avada Builder Flaws Expose WordPress Sites to Credential Theft

A critical vulnerability in the Avada Builder WordPress plugin, used by an estimated one million active installations, leaves sites exposed to credential theft and data breaches. Two flaws, CVE-2026-4782 and CVE-2026-4798, allow attackers to read sensitive files and extract database information, putting your site at risk.

Analyst 207
Laptop screen on a desk shows a blurred password manager page with a hand hovering over the keyboard.

Microsoft Alters Edge to Mitigate Password Exposure Risk

Microsoft is taking a major step to boost password security in its Edge browser, rolling out a defense-in-depth change to mitigate the risk of password exposure. This update will be applied across all supported Edge versions, prioritizing a swift rollout to protect users.

Analyst 207
Dimly lit server room with humming racks and tangled cables, showing signs of system distress and potential failure.

Autonomous AI Exposes Gaps in Enterprise Resilience Plans

As organizations deploy autonomous AI, they're exposing gaps in their resilience plans, putting business continuity at risk and creating new operational and infrastructure challenges for IT teams to navigate. Traditional security and recovery models are ill-equipped to handle the machine-speed, dynamic environments that autonomous AI creates.

Analyst 207
Modern corporate office interior with a large blank screen in a sleek conference room.

Autonomous AI Exposes Governance Gaps in Enterprise Security

As autonomous AI revolutionizes enterprise security, it's also revealing alarming governance gaps that can leave organizations in highly regulated environments exposed to unprecedented risks. The rapid adoption of autonomous AI is creating a trust gap, where innovation outpaces control, and novel risks to visibility, control, and regulatory compliance are emerging.

Analyst 207
Executives in a meeting room discuss technology with laptops and notes nearby.

Enterprises Lag in AI-Agent Risk Mitigation Despite Funding

Most enterprise leaders are bracing for a major security breach or fraud incident driven by AI agents within the next year, yet their organizations are woefully unprepared to mitigate the risks. A recent survey of 300 security leaders reveals a stark gap between threat awareness and adequate safeguards.

Analyst 207
Busy office scene with wireless devices and equipment on a table, surrounded by people working.

Wireless Vulnerabilities Skyrocket, Outpacing Traditional Threats

The number of wireless vulnerabilities has skyrocketed, with a staggering 937 new threats discovered in 2025 alone - that's 2.5 new vulnerabilities every day. This represents a 60% increase since the start of 2024, and a growth rate that's 20 times faster than traditional threats over the last 15 years.

Analyst 207
Windows 11 workstation on a clutter-free desk in an office setting.

Bitdefender Exposes Hidden Attack Surface in Trusted Tools

Did you know that 84% of high-severity incidents involve the abuse of trusted tools, making them nearly invisible to traditional security measures? This shocking statistic highlights the alarming ease with which attackers can hide in plain sight, using legitimate tools against you.

Analyst 207
Windows computer screen displays system update information in a clean workspace setting.

Microsoft Introduces Automated Windows Driver Rollback Feature

Microsoft's new Cloud-Initiated Driver Recovery feature lets them swiftly roll back faulty Windows drivers, so you don't have to - no more manual uninstalls or waiting for an updated driver from the hardware partner. This means your device can quickly get back on track with a reliable driver.

Analyst 207
Government official interacts with digital interface in secure facility.

US Cyber Official Warns of AI-Driven Identity Security Risks

As AI-driven threats evolve, securing identities is more crucial than ever - in fact, a top US cyber official warns that controlling who and what gets onto a network is now our first line of defense. By prioritizing identity security, we can prevent attackers from exploiting vulnerabilities and gaining a foothold in our systems.

Analyst 207
Rows of secure computer servers and networking equipment in a well-organized data storage room.

Federal Leaders Modernize Networks to Bolster Security and Scale

Federal leaders are on a critical mission to modernize their networks, and it's a challenge that requires constant momentum and adaptability in a high-pressure, global landscape. By upgrading their IT infrastructure, they're working to achieve a crucial goal: delivering secure, seamless connectivity that can keep pace with their dynamic needs.

Analyst 207
Cluttered desk with laptop, notes, and diagrams, hint of coding tool in background.

Generative AI Exposes Software Vulnerabilities at Scale

Generative AI is rapidly advancing and can now efficiently uncover and exploit software vulnerabilities, prompting companies like Anthropic to carefully manage their powerful models. Anthropic's recent decision to limit access to its Claude Mythos Preview model to a select group of companies highlights the potential risks and costs associated with these cutting-edge AI systems.

Analyst 207
Bipartisan lawmakers stand in a formal congressional hearing room with laptops and papers on a large wooden table.

US Lawmakers Urge Action on AI-Discovered Vulnerabilities

Thirty-five US lawmakers are urging the White House to create a plan to manage the impending flood of AI-discovered vulnerabilities, seeking a framework to handle security flaws exposed by advanced AI models. They want federal agencies and private-sector leaders to collaborate on strategies to tackle this emerging challenge.

Analyst 207