Cybersecurity
General cybersecurity news and analysis

US Lawmakers Urge Action on AI-Discovered Vulnerabilities
Thirty-five US lawmakers are urging the White House to create a plan to manage the impending flood of AI-discovered vulnerabilities, seeking a framework to handle security flaws exposed by advanced AI models. They want federal agencies and private-sector leaders to collaborate on strategies to tackle this emerging challenge.

Akamai Bolsters AI Browser Security with $205M LayerX Acquisition
Akamai is taking browser security to the next level with its $205 million acquisition of LayerX, a cutting-edge startup that's changing the game with its innovative approach to securing interactions between users and applications. By integrating LayerX's technology, Akamai is bolstering its security stack to protect the increasingly AI-driven and cloud-based world.

European Banks Face AI-Driven Cyber Threats, Urged to Accelerate Defenses
European banks are being urged to rapidly bolster their cyber defenses as AI-driven threats escalate, with the ECB's vice-chair warning that inaction is not an option. Banks must adopt bank-specific, risk-based measures and redouble efforts to identify vulnerabilities using existing AI tools.

Enterprises Lag in Securing Autonomous AI Agents
Most organizations are struggling to keep pace with the rapid evolution of autonomous AI agents, which can introduce new risks and behaviors at machine speed. As these agents increasingly handle sensitive data, enterprises face a pressing need to update their security strategies and tools to mitigate the emerging threats of shadow AI and over-permissioned agents.

NGINX Vulnerability Exposes Servers to DoS, Potential Code Execution
A critical vulnerability, CVE-2026-42945, has been lurking in NGINX's code for 18 years, exposing servers to potential DoS attacks and code execution - and affecting a staggering third of the top-ranked websites. This heap buffer overflow flaw, rated 9.2 in severity, is a wake-up call for NGINX users to take immediate action.

Social Engineering Exposes Vulnerability in Corporate Networks
A clever phone call can be all it takes to breach a corporate network - just ask Brandon Dixon, a former penetration tester who convinced an IT security team to hand over root access by pretending to be their boss. With a simple social engineering trick, Dixon was able to reset his "password" and gain unrestricted access to the network.

Google Unveils Spyware Forensics Tool for High-Risk Android Users
Google's new Android Intrusion Logging tool helps high-risk users detect spyware attacks by recording suspicious activity, but raises concerns about sensitive data sharing and consent. To use it effectively, users must balance protection with secure log sharing and informed consent.

AI Hallucinations Expose Security Risks in Critical Infrastructure
Imagine a highly confident but fundamentally flawed advisor - that's what many AI models have become, with a staggering 36 out of 40 tested models more likely to provide incorrect answers with conviction than correct ones when faced with tough questions. This unsettling trend highlights a critical vulnerability in AI systems, particularly in high-stakes industries.

House Panel Scrutinizes Anthropic's Mythos Amid Cyber Risk Concerns
A recent closed-door briefing by Anthropic showed lawmakers firsthand how its advanced AI model, Mythos, can swiftly identify and reason through software vulnerabilities, highlighting the urgent need for federal agencies to access cutting-edge US models to stay ahead of cyber threats. This live demo reinforced the importance of responsible access to advanced AI for civilian cyber defenders to find and patch vulnerabilities before they can be exploited.

UK's ICO Unveils Five-Step Plan to Counter AI-Powered Cyber Threats
Boost your organization's defenses against AI-powered cyber threats with the UK's ICO five-step plan, and build public trust by putting robust security measures in place to protect personal data. By investing in cyber resilience, you can safeguard the data you hold and foster confidence in your organization's ability to keep it secure.

Dell SupportAssist Software Sparks Windows BSOD Crashes
Dell has confirmed that a recent update to its SupportAssist Remediation service is causing blue-screen-of-death crashes on some Windows systems, and is actively working to resolve the issue. The problematic update, version 5.5.16.0, affects many new Dell computers running Windows 10 or 11.

AI Agents Expose Organizations to Identity Security Risks
Most organizations are unwittingly rolling out AI agents that can open the door to identity security breaches, with 93% using or planning to use them for sensitive tasks like password resets and VPN access. Despite this, many admit that these agents create new vulnerabilities.

US Indicts Suspected Dream Market Admin on Money Laundering Charges
A suspected administrator of the now-defunct Dream Market has been indicted in the US on 12 federal counts of money laundering, with the Department of Justice alleging he used cryptocurrency to buy gold bars and ship them to his home in Germany. If convicted, he faces up to 20 years in prison for each count.

Linux Kernel Vulnerability Exposes Root Access Risk via Page Cache Corruption
A newly discovered Linux Kernel vulnerability, dubbed Fragnesia, allows unprivileged local attackers to corrupt the kernel page cache and gain root access, posing a significant risk to system security. This critical flaw, tracked as CVE-2026-46300, is the third local privilege escalation vulnerability found in Linux kernel in just two weeks.

NGINX Flaw Enables Unauthenticated Remote Code Execution
A critical 18-year-old vulnerability, known as NGINX Rift, has been discovered in NGINX Plus and NGINX Open Source, allowing unauthenticated attackers to remotely execute code with a single crafted HTTP request. This high-severity flaw, rated 9.2 on the CVSS v4 scale, poses a significant threat to vulnerable servers.

Cisco CEO Warns of Growing Risk from Unpatchable Technology
Cisco CEO Chuck Robbins warns that unpatchable technology poses a growing risk, and he's turning to AI tools like Anthropic's Claude Mythos to accelerate modernization and safeguard infrastructure. By leveraging Mythos, Cisco aims to not only boost productivity but also help customers replace outdated equipment that can no longer be patched.

Cisco Restructures, Lays Off 4,000 Staff Amid AI-Focused Growth
Cisco is making a bold move into the AI era, restructuring its workforce to drive growth and innovation, with a commitment to supporting impacted employees through personalized learning and career development opportunities. As part of this shift, the company will provide one year of access to its top courses and certifications, covering AI, Security, Networking, and more.

AWS Discloses Flaw in Quick Access Control
AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

AI-Powered Bug Hunting Spurs Surge in Patches
While AI-powered bug hunting may mean more patches and work for admins in the short term, it also means a significant boost in identifying and fixing security holes - like the 75 issues frontier models found across 130 Palo Alto Networks products. This surge in patches is a small price to pay for a major leap in cybersecurity.

Exaforce Secures $125M to Accelerate Real-Time Cyber Reasoning
In a world where cyber threats move at lightning speed, Exaforce founder Ankur Singla stresses that defense must too, with humans supervising while machines react in real-time. His startup's innovative platform aims to make this vision a reality with autonomous, near-instant responses to enterprise telemetry.

OpenAI Launches Daybreak to Bolster Cybersecurity with AI-Powered Vulnerability Detection
OpenAI's new Daybreak platform is revolutionizing cybersecurity with AI-powered vulnerability detection, empowering organizations to spot risks earlier and build resilient software from the ground up. By harnessing the power of large language models, Daybreak helps teams identify, patch, and validate software vulnerabilities faster than ever before.

UK Plans Overhaul of Cybersecurity Law to Bolster Defenses
King Charles III has announced plans to revamp the UK's cybersecurity law, introducing a new Cyber Security and Resilience Bill to strengthen the country's defenses against growing threats from foreign state entities and their proxies. This overhaul aims to modernize Britain's cyber posture and bolster its digital security.

IMF Warns AI Exacerbates Cyber Risk to Financial Stability
The International Monetary Fund warns that artificial intelligence is supercharging cyber risk, transforming it into a potential threat to global financial stability. A single vulnerability exploited across multiple institutions could have devastating consequences for the entire financial ecosystem.

Exim Flaw Exposes Servers to Remote Code Execution
A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.