Skip to main content

Cybersecurity

General cybersecurity news and analysis

Laptop screen displays Jenkins plugin interface with code environment, beside blurred smartphone and sticky notes.

TeamPCP Breaches Checkmarx Jenkins Plugin Again

If you're using the Checkmarx Jenkins AST plugin, make sure you're on a safe footing by using version 2.0.13-829.vc72453fa_1c16 or earlier, published on December 17, 2025, as newer versions may be vulnerable. Checkmarx has since released a patched version, 2.0.13-848.v76e89de8a_053, available on GitHub and the Jenkins Marketplace.

Analyst 207
Cluttered office desk with laptop and papers near a window overlooking a cityscape.

Small Businesses Exposed to Growing Cyber Threats Without Cybersecurity Leadership

Small businesses are playing with fire, exposing themselves to devastating cyberattacks that can cost over $250,000 - a staggering amount that's roughly equivalent to the salary of a chief information security officer (CISO). By not investing in cybersecurity leadership, they're essentially rolling the dice against increasingly automated threats.

Analyst 207
Cluttered workstation with researcher in background looking at laptop.

Linux Distributions Scramble to Patch Dirty Frag Kernel Vulnerabilities

A critical vulnerability known as Dirty Frag has been discovered in the Linux kernel, allowing attackers with local access to gain root privileges across major distributions. Linux distributions are now racing against the clock to patch this chained local privilege escalation flaw.

Analyst 207
Server room setup with computers and networking equipment in a brightly-lit corporate IT environment.

Active Directory Breaches Persist After Password Resets

Resetting passwords isn't enough to keep hackers at bay, especially in Active Directory environments where cached credentials and sync delays can leave gaping security holes. Even after a password reset, attackers can still find ways to exploit outdated credentials and gain unauthorized access.

Analyst 207
Security operations center with analysts at workstations and multiple screens displaying data, set against an urban backdrop.

Autonomous Teaming Closes Defenders' Speed Gap

The alarmingly rapid pace of cyber threats has left defenders scrambling to keep up, with the time from vulnerability disclosure to working exploit dwindling from 56 days in 2024 to a staggering 10 hours in 2026. Meanwhile, defenders are still stuck on human time, struggling to match the lightning-fast speed of attackers who now operate in seconds.

Analyst 207
Router on a rack with cables connected, in a neutral-colored room with ordinary lighting.

FCC Extends Security Update Deadline for Banned Routers

The FCC is giving banned routers a lifeline with an extended security update deadline, ensuring they stay safe and functional with continued software and firmware updates. This move comes after the commission banned the import and sale of certain foreign-made routers in March 2026 due to national security concerns.

Analyst 207
Radio communication console in a control room with a blurred background.

Vulnerabilities in TETRA Radio System Expose Global Security Risks

A single misstep in a radio system can send critical infrastructure crashing down - as Taiwan's bullet train system learned the hard way when a university student's clever hack with a radio and online kit brought the entire network to a standstill for nearly an hour. The incident highlights the urgent need for robust defenses to safeguard our global security.

Analyst 207
Cluttered home interior with laptop, papers, and cables, blurred details.

Police Disrupt Relaunched Crimenetwork Dark Web Marketplace

In a major blow to dark web crime, a 35-year-old German citizen was arrested in Mallorca for relaunched Crimenetwork marketplace. He built an entirely new online infrastructure just days after the previous version was shut down.

Analyst 207
Spanish National Police officers in formal attire stand in a official setting.

German Police Disrupts Crimenetwork Marketplace, Arrests Admin

In a major blow to darknet crime, German police have arrested a 35-year-old man suspected of running a rebooted version of the notorious Crimenetwork marketplace, thanks to a slick cross-border operation. The suspect, detained in Mallorca by Spanish police, will face justice in a German court.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit data center.

cPanel Discloses Fixes for High-Severity Vulnerabilities

cPanel has patched three high-severity vulnerabilities, including a critical flaw that allows hackers to execute arbitrary Perl code, putting your online data at risk. The fixes address weaknesses that could be exploited to read sensitive files, disrupt service, or execute malicious code.

Analyst 207
Chrome browser window on laptop with multiple extensions, displaying blurred Claude AI interface on cluttered desk near…

Claude AI Extension Flaw Enables Cross-Plugin Hijacking

A security flaw in the Claude AI Chrome extension could put users at risk, as it allows other browser extensions to issue commands to Claude without verification. This vulnerability creates a backdoor for hackers to hijack the AI model, warns LayerX senior researcher Aviad Gispan.

Analyst 207
Government officials gather around a table with a laptop, symbolizing coordination and planning on cybersecurity.

Schumer Urges DHS to Bolster AI Cyber Defenses with State, Local Governments

Senate Minority Leader Chuck Schumer is sounding the alarm on the urgent need for stronger AI cyber defenses, warning that there's a high-stakes race between cybersecurity defenders and AI-enabled hackers. He’s pressing the Department of Homeland Security to team up with state and local governments to stay ahead of rapidly evolving threats.

Analyst 207
Medical devices and equipment in a hospital setting with autonomous AI agent terminals in the foreground displaying…

Autonomous AI Agents Expose Hidden Vulnerabilities in Real-World Deployments

Researchers uncovered a shocking 91% of autonomous AI agent deployments are vulnerable to tool-chaining attacks, revealing a critical weakness in current governance approaches. This startling finding highlights the urgent need for updated security measures to protect AI systems in healthcare, finance, customer service, and software development.

Analyst 207
Security analysts overwhelmed in a brightly lit operations center with multiple screens.

AI Overload: SOCs Struggle to Keep Pace with Alert Backlog

The harsh reality is that security operations centers (SOCs) are drowning in a sea of alerts, with a typical workload of 120-150 alerts per day, which translates to 40-50 analyst-hours of work - far exceeding the capacity of most teams. This means many alerts are left uninvestigated or pushed to the next shift, leaving SOCs vulnerable to threats.

Analyst 207
Smartphone screen with blurred chat interface on a neutral desk background.

Meta Reverses Instagram Encryption Stance

Meta has backtracked on its plan to introduce end-to-end encryption for Instagram messages, leaving direct messages stored and transmitted in plaintext, giving the company access to user conversations. This move reverses years of promotion for enhanced messaging security.

Analyst 207
Students collaborate in a brightly-lit workspace surrounded by laptops and technology.

US Steers Cybersecurity Scholarship Program Toward AI

The US government is overhauling its CyberCorps Scholarship For Service program, rebranding it as CyberAI SFS, to prioritize AI skills in cybersecurity. Students enrolled in the program will now need to be proficient in using AI to stay employable after graduation.

Analyst 207
Laptop on a beige desk in a neutral office setting with soft daylight.

xrdp Vulnerability Exposes Remote Code Execution Risk

A critical vulnerability, CVE-2025-68670, was discovered in the xrdp remote desktop server, allowing for remote code execution - a flaw that was thankfully patched in January 2026. This security risk was found during a routine audit, highlighting the importance of regular security checks to protect against potential threats.

Analyst 207
Security analysts work at desks in a brightly-lit operations center surrounded by multiple screens and computer equipment.

Low-Severity Alerts Expose Hidden Threats in Enterprise Security

Don't let low-severity alerts fly under the radar - nearly 1% of confirmed incidents come from these seemingly minor warnings, translating to around one missed breach per week for a typical enterprise. This small but significant gap in enterprise security can have big consequences.

Analyst 207
Interior of a government building with a judge's bench and tall windows.

Contractor Convicted for Destroying Dozens of Federal Databases

A contractor's reckless actions led to the destruction of dozens of federal databases, showcasing a staggering disregard for the security and integrity of sensitive government information. After being terminated on February 18, 2025, the contractor and his twin brother intentionally caused chaos by accessing computers without authorization and deleting crucial data.

Analyst 207

Pentagon Disrupts AI Vendor Lock-in with Multi-Provider Deals

The Pentagon is shaking up its AI strategy, ditching the single-vendor approach and embracing a multi-provider model to ensure seamless integration with classified systems. This bold move follows a hard-won lesson: relying on one AI vendor just won't cut it.

Analyst 207
Modern computer workspace with laptop, coding tools, and high-tech environment in background.

Pentagon Sees AI Tools Boosting Cyber Defense Capabilities

The Pentagon is banking on AI tools to supercharge its cyber defense capabilities, with Assistant Secretary for Cyber Policy Katherine Sutton touting their potential to develop secure code in minutes to seconds. This revolutionary speed could transform the current defensive posture, outpacing threats and safeguarding against vulnerabilities at unprecedented rates.

Analyst 207
Cluttered desk with laptop, coding tools, and papers, hinting at software development work.

Mozilla Reveals AI-Powered Bug Detection Boosts Firefox Security Fixes

Mozilla's April bug cull was massive, with 423 Firefox security fixes - a whopping five times more than the previous month and 20 times the usual monthly average, thanks in part to a boost from AI-powered bug detection. This huge spike in repairs is a testament to the power of innovative technology in keeping Firefox users safe and secure.

Analyst 207
Executive stands in front of large screen displaying cloud security interface in modern office setting.

WatchGuard Bolsters Cloud Security With Perimeters Acquisition

WatchGuard's acquisition of Perimeters is a strategic move to supercharge its cloud security offerings, driven by a personal endorsement from its CISO who fell in love with Perimeters' technology. This exciting purchase brings Perimeters' innovative cloud application security solutions into WatchGuard's portfolio.

Analyst 207
Laptop screen displays browser password manager in bright, neutral setting.

Microsoft Edge Exposes Saved Passwords in Plaintext

Microsoft Edge's password management has a concerning vulnerability: it loads all saved passwords into browser memory in plaintext at startup, making it easier for hackers to steal credentials on compromised systems. This is in stark contrast to other Chromium-based browsers like Google Chrome and Brave, which only decrypt passwords when needed.

Analyst 207