Cybersecurity
General cybersecurity news and analysis

Linux Defenders Scramble to Outpace Exploit Cycle
Linux defenders are racing against the clock to outmaneuver exploiters, with one maintainer proposing a temporary "kill switch" to disable vulnerable kernel functions until a proper patch can be developed. This stopgap solution aims to buy crucial time between vulnerability discovery and patch release.

Signal Bolsters Defenses Against Social Engineering, Phishing Attacks
Stay one step ahead of scammers with Signal's latest update, designed to help you spot fake profiles and phishing attempts with added confirmations and warning messages. You'll now see a "Name not verified" label and get richer safety tips to make sure you're chatting with the real deal.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management
Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

Microsoft Releases Urgent Windows 10 Update to Fix Security Flaws
Microsoft just dropped a critical Windows 10 update, KB5087544, to squash 120 security flaws and fix frustrating Remote Desktop issues - and it's a must-install to keep your system safe and running smoothly. This urgent patch also tackles Secure Boot state and certificate changes to give you added peace of mind.

Microsoft Patch Tuesday Addresses 120 Vulnerabilities
Microsoft's May 2026 Patch Tuesday rollout is a doozy, tackling a whopping 120 vulnerabilities in one fell swoop - and thankfully, there are no zero-day threats to worry about this time around. This massive update means admins have their work cut out for them, but it's a big win for security.

Microsoft Releases Mandatory Windows 11 Updates to Fix 120 Vulnerabilities
Microsoft just dropped some essential updates for Windows 11, tackling a whopping 120 vulnerabilities in one go! These mandatory patches, available as KB5089549 and KB5087420, are now live and ready to boost your system's security.

OpenAI Bolsters Europe's Cybersecurity With Model Access
OpenAI is ramping up Europe's cybersecurity game by granting restricted access to its cutting-edge vulnerability-finding model, GPT-5.5-Cyber, to dozens of European organizations through its new Trusted Access for Cyber program. This move will empower defenders to swiftly protect systems and respond to threats, while also addressing security concerns with greater transparency.

Exim BDAT Flaw Exposes GnuTLS Builds to Code Execution Risk
A newly discovered vulnerability, dubbed Dead.Letter, threatens Exim builds that use GnuTLS, allowing attackers to exploit a use-after-free flaw in BDAT handling and potentially execute malicious code. This critical flaw can be triggered when a specific sequence of BDAT and TLS commands is sent, leading to heap corruption and a heightened risk of code execution.

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator
Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and urges users to update to versions 6.5.7, 6.6.9, or 8.0.3 to stay secure.
Android 17 Bolsters Defenses Against Banking Scams, Device Theft
Stay one step ahead of scammers with Android 17's cutting-edge security features, including robust protection against banking scam calls and device theft. Android 17 will work hand-in-hand with banking apps to detect and block spoofed calls, giving you an added layer of defense against financial threats.

Google Bolsters Android Security to Counter Spyware Vendors
Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.

AI Adoption Exposes New Vulnerabilities in APAC Cybersecurity
As AI systems increasingly become integral to business operations, they're also emerging as a major insider threat, with 7 in 10 APAC organisations now identifying AI as their top data security risk. This new breed of threat is forcing companies to rethink their cybersecurity strategies and take a closer look at the vulnerabilities AI can introduce.

OpenAI Launches Daybreak to Bolster Secure Software Development
OpenAI has launched Daybreak, an innovative initiative that helps developers build secure software from the ground up, accelerating cyber defenders and continuously securing software. By integrating cutting-edge models like GPT-5.5, Daybreak shifts security to the forefront of the software development lifecycle.

Google and Apple Roll Out Cross-Platform RCS Encryption
Big news for messaging security: Apple and Google have just launched a beta rollout of end-to-end encrypted RCS messaging, allowing for more secure conversations between iPhone and Android users worldwide. This update enables encryption by default, marked with a lock icon, and is available to users with supported carriers and devices.

SAP Patches Critical Flaws in Commerce Cloud and S/4HANA
SAP has patched a critical vulnerability in its Commerce Cloud and S/4HANA systems, warning that hackers could exploit the flaw to upload malicious code and take control of the application. This security gap, caused by a misconfigured Spring Security setup, put sensitive data and system integrity at risk.

Apple and Google Boost Cross-Platform Messaging with End-to-End Encryption
Say goodbye to the green bubble blues! iPhone and Android users can now send end-to-end encrypted messages to each other, thanks to a game-changing collaboration between Apple and Google.

OpenAI Unveils Daybreak to Automate Vulnerability Detection and Patching
Meet Daybreak, a game-changing cybersecurity tool from OpenAI that supercharges vulnerability detection and patching with cutting-edge AI, helping organizations stay one step ahead of attackers and making the world a safer place. By combining AI intelligence with advanced code analysis, Daybreak identifies and fixes vulnerabilities faster than ever before.

Japan Orders Cybersecurity Overhaul to Contain Mythos Threat
Japan's prime minister has launched a urgent cybersecurity review to prevent a potentially catastrophic cyberattack, dubbed "CyberZilla", which could unleash unprecedented scale and speed of digital destruction. The goal is to stop the threat, known as Mythos, from wreaking havoc on the country's digital landscape.

Apple Deploys End-to-End Encryption for RCS Messaging
Big news for messaging security: Apple just rolled out end-to-end encryption for RCS messaging in its latest iOS 26.5 update, giving users an extra layer of protection when chatting with friends and family across different devices and platforms.

Attackers Exploit AD CS for Stealthy Privilege Escalation
Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Steganography Exploits LLMs with Hidden Text Techniques
Want to hide text in plain sight? Try using white text on a white background or black text on a black background - simple yet effective visual tricks that can evade human eyes while remaining readable by machines.

GhostLock Exploits Windows API to Disrupt File Access
Meet GhostLock, a proof-of-concept that cleverly exploits Windows API to disrupt file access, causing operational downtime without data loss, similar to the impact of ransomware. By manipulating the CreateFileW sharing parameter, GhostLock effectively locks files, leaving other processes in the dark with a sharing violation error.

Cloudflare and Arctic Wolf Slash Staff Amid AI-Driven Overhaul
Cloudflare and Arctic Wolf are shaking things up with a major AI-driven overhaul, cutting staff to make way for a world-class, high-growth operation that's harnessing the power of artificial intelligence. This move isn't about cost-cutting, but about revolutionizing how these companies create value in the agentic AI era.

AI Researchers Tackle SIEM Migration Bottleneck with Automation Tool
Researchers have made a breakthrough in streamlining SIEM migration with an innovative automation tool called ARuleCon, which can slash months of manual rule rewrites into mere batch operations. This game-changing system uses a three-stage conversion pipeline and large language models to rapidly translate complex rules, cutting conversion time to just 140 seconds.