Skip to main content

Cybersecurity

General cybersecurity news and analysis

Linux developer in dimly lit workspace looks concerned amidst computer screens and notes.

Linux Defenders Scramble to Outpace Exploit Cycle

Linux defenders are racing against the clock to outmaneuver exploiters, with one maintainer proposing a temporary "kill switch" to disable vulnerable kernel functions until a proper patch can be developed. This stopgap solution aims to buy crucial time between vulnerability discovery and patch release.

Analyst 207
Smartphone screen showing messaging interface with blurred contacts and verified name label.

Signal Bolsters Defenses Against Social Engineering, Phishing Attacks

Stay one step ahead of scammers with Signal's latest update, designed to help you spot fake profiles and phishing attempts with added confirmations and warning messages. You'll now see a "Name not verified" label and get richer safety tips to make sure you're chatting with the real deal.

Analyst 207
Security practitioners overlook threats on a large computer screen in a brightly-lit cloud data center.

Security Teams Overlook AI-Enabled Threats in Cloud Risk Management

Cyber threats are evolving at an alarming rate, with AI-enabled attackers now launching faster and more sophisticated attacks on cloud and hybrid environments. Security teams must stay vigilant against emerging threats like AI-driven phishing, malware, and credential compromise.

Analyst 207
Windows 10 laptop on a clean surface with open screen displaying a blurred image.

Microsoft Releases Urgent Windows 10 Update to Fix Security Flaws

Microsoft just dropped a critical Windows 10 update, KB5087544, to squash 120 security flaws and fix frustrating Remote Desktop issues - and it's a must-install to keep your system safe and running smoothly. This urgent patch also tackles Secure Boot state and certificate changes to give you added peace of mind.

Analyst 207
Rows of computer workstations and a large screen in a brightly-lit tech facility.

Microsoft Patch Tuesday Addresses 120 Vulnerabilities

Microsoft's May 2026 Patch Tuesday rollout is a doozy, tackling a whopping 120 vulnerabilities in one fell swoop - and thankfully, there are no zero-day threats to worry about this time around. This massive update means admins have their work cut out for them, but it's a big win for security.

Analyst 207
Windows 11 laptop on a desk showing a Windows Update screen with a progress bar and security symbols.

Microsoft Releases Mandatory Windows 11 Updates to Fix 120 Vulnerabilities

Microsoft just dropped some essential updates for Windows 11, tackling a whopping 120 vulnerabilities in one go! These mandatory patches, available as KB5089549 and KB5087420, are now live and ready to boost your system's security.

Analyst 207
European cybersecurity officials gather around a sleek computer workstation.

OpenAI Bolsters Europe's Cybersecurity With Model Access

OpenAI is ramping up Europe's cybersecurity game by granting restricted access to its cutting-edge vulnerability-finding model, GPT-5.5-Cyber, to dozens of European organizations through its new Trusted Access for Cyber program. This move will empower defenders to swiftly protect systems and respond to threats, while also addressing security concerns with greater transparency.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit mail server room.

Exim BDAT Flaw Exposes GnuTLS Builds to Code Execution Risk

A newly discovered vulnerability, dubbed Dead.Letter, threatens Exim builds that use GnuTLS, allowing attackers to exploit a use-after-free flaw in BDAT handling and potentially execute malicious code. This critical flaw can be triggered when a specific sequence of BDAT and TLS commands is sent, leading to heap corruption and a heightened risk of code execution.

Analyst 207
Secure facility with a computer terminal on a desk and blurred server racks in the background.

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator

Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and urges users to update to versions 6.5.7, 6.6.9, or 8.0.3 to stay secure.

Analyst 207

Android 17 Bolsters Defenses Against Banking Scams, Device Theft

Stay one step ahead of scammers with Android 17's cutting-edge security features, including robust protection against banking scam calls and device theft. Android 17 will work hand-in-hand with banking apps to detect and block spoofed calls, giving you an added layer of defense against financial threats.

Analyst 207
Smartphone on a lab bench with forensic tools in the background, under bright daylight.

Google Bolsters Android Security to Counter Spyware Vendors

Google's new Intrusion Logging feature is a game-changer in the fight against spyware, helping digital forensics researchers uncover sophisticated attacks on Android devices. By recording security incidents like device unlocking and spyware installation, it provides crucial evidence to investigate and take down these threats.

Analyst 207
Rows of computer servers and network equipment in a brightly-lit server room with neatly organized cables and wires.

AI Adoption Exposes New Vulnerabilities in APAC Cybersecurity

As AI systems increasingly become integral to business operations, they're also emerging as a major insider threat, with 7 in 10 APAC organisations now identifying AI as their top data security risk. This new breed of threat is forcing companies to rethink their cybersecurity strategies and take a closer look at the vulnerabilities AI can introduce.

Analyst 207
Developer workstation with laptop and coding tools in a clean room with natural daylight and abstract software diagram on…

OpenAI Launches Daybreak to Bolster Secure Software Development

OpenAI has launched Daybreak, an innovative initiative that helps developers build secure software from the ground up, accelerating cyber defenders and continuously securing software. By integrating cutting-edge models like GPT-5.5, Daybreak shifts security to the forefront of the software development lifecycle.

Analyst 207
Two smartphones on a table, displaying chat interfaces with a lock icon, set against a blurred cityscape background.

Google and Apple Roll Out Cross-Platform RCS Encryption

Big news for messaging security: Apple and Google have just launched a beta rollout of end-to-end encrypted RCS messaging, allowing for more secure conversations between iPhone and Android users worldwide. This update enables encryption by default, marked with a lock icon, and is available to users with supported carriers and devices.

Analyst 207
Rows of computer servers and storage equipment in a brightly-lit data center setting.

SAP Patches Critical Flaws in Commerce Cloud and S/4HANA

SAP has patched a critical vulnerability in its Commerce Cloud and S/4HANA systems, warning that hackers could exploit the flaw to upload malicious code and take control of the application. This security gap, caused by a misconfigured Spring Security setup, put sensitive data and system integrity at risk.

Analyst 207
Two smartphones, an iPhone and an Android device, sit side by side on a clean surface with a modern background.

Apple and Google Boost Cross-Platform Messaging with End-to-End Encryption

Say goodbye to the green bubble blues! iPhone and Android users can now send end-to-end encrypted messages to each other, thanks to a game-changing collaboration between Apple and Google.

Analyst 207
Researcher interacts with computer workstation surrounded by screens displaying code and vulnerability analysis in a…

OpenAI Unveils Daybreak to Automate Vulnerability Detection and Patching

Meet Daybreak, a game-changing cybersecurity tool from OpenAI that supercharges vulnerability detection and patching with cutting-edge AI, helping organizations stay one step ahead of attackers and making the world a safer place. By combining AI intelligence with advanced code analysis, Daybreak identifies and fixes vulnerabilities faster than ever before.

Analyst 207
Japanese government officials gather around a table with a computer system representation, with a cityscape visible through…

Japan Orders Cybersecurity Overhaul to Contain Mythos Threat

Japan's prime minister has launched a urgent cybersecurity review to prevent a potentially catastrophic cyberattack, dubbed "CyberZilla", which could unleash unprecedented scale and speed of digital destruction. The goal is to stop the threat, known as Mythos, from wreaking havoc on the country's digital landscape.

Analyst 207
Smartphone on a neutral surface with blurred cityscape background.

Apple Deploys End-to-End Encryption for RCS Messaging

Big news for messaging security: Apple just rolled out end-to-end encryption for RCS messaging in its latest iOS 26.5 update, giving users an extra layer of protection when chatting with friends and family across different devices and platforms.

Analyst 207
Windows office workstations with computers and monitors in daylight-lit setting, highlighting potential vulnerabilities in…

Attackers Exploit AD CS for Stealthy Privilege Escalation

Malicious actors are exploiting weaknesses in Active Directory Certificate Services (AD CS) to secretly escalate privileges, often disguising their attacks as routine administrative actions. This stealthy tactic allows them to blend in with normal operations, making it a high-impact threat that's often under-monitored.

Analyst 207
A text document on a laptop screen with a nearly imperceptible line of white text blending into the white background.

Steganography Exploits LLMs with Hidden Text Techniques

Want to hide text in plain sight? Try using white text on a white background or black text on a black background - simple yet effective visual tricks that can evade human eyes while remaining readable by machines.

Analyst 207
A Windows computer workstation with file explorer open in a dimly lit office setting.

GhostLock Exploits Windows API to Disrupt File Access

Meet GhostLock, a proof-of-concept that cleverly exploits Windows API to disrupt file access, causing operational downtime without data loss, similar to the impact of ransomware. By manipulating the CreateFileW sharing parameter, GhostLock effectively locks files, leaving other processes in the dark with a sharing violation error.

Analyst 207
Modern office space with employees packing up and empty chairs, surrounded by natural light and plants.

Cloudflare and Arctic Wolf Slash Staff Amid AI-Driven Overhaul

Cloudflare and Arctic Wolf are shaking things up with a major AI-driven overhaul, cutting staff to make way for a world-class, high-growth operation that's harnessing the power of artificial intelligence. This move isn't about cost-cutting, but about revolutionizing how these companies create value in the agentic AI era.

Analyst 207
Researchers work on code and data visualizations at a computer terminal in a university research setting.

AI Researchers Tackle SIEM Migration Bottleneck with Automation Tool

Researchers have made a breakthrough in streamlining SIEM migration with an innovative automation tool called ARuleCon, which can slash months of manual rule rewrites into mere batch operations. This game-changing system uses a three-stage conversion pipeline and large language models to rapidly translate complex rules, cutting conversion time to just 140 seconds.

Analyst 207