Skip to main content

Cybersecurity

General cybersecurity news and analysis

Vacant corporate workstation with laptop and smartphone on a desk, surrounded by blurred office furniture and partitions.

AI Agents Expose Governance Gaps in Enterprise Identity Security

As AI agents become increasingly integral to enterprise operations, a concerning gap is emerging: the rapid adoption of AI is outpacing the development of essential governance policies to secure identities and access. Discover how this vulnerability impacts corporate applications and what you can do to protect your organization.

Analyst 207
People collaborate in a bright, modern lab setting with technology equipment.

The Hacker News Launches Cybersecurity Stars Awards to Honor Industry Excellence

The Hacker News is shining a spotlight on the unsung heroes of cybersecurity with the launch of the Cybersecurity Stars Awards 2026, a global recognition program that celebrates the outstanding teams, leaders, and products making a real difference in the industry. Submissions are now open, offering a chance for innovators to showcase their work and be honored for their meaningful contributions.

Analyst 207
Server room with rows of computer servers and a single workstation featuring a blank AI system interface.

AI-BOMs Emerge to Secure Enterprise AI Supply Chains

Imagine biting into a mysterious birthday cake without knowing its ingredients or who baked it - that's what it's like for enterprises trying to secure their AI supply chains without visibility into the components used to build their AI systems. Traditional software bills of materials just aren't cutting it in this new landscape.

Analyst 207
Teenager with faint, smudged mustache drawn on upper lip in casual setting.

Teens Exploit Age Checks with Simple Facial Manipulation Tactics

Kids are outsmarting age checks with a surprisingly simple trick: drawing on a fake mustache. This clever tactic allows them to bypass age verification systems with ease.

Analyst 207
Researchers work together at a central workstation to integrate multiple Security Information and Event Management systems,…

Singapore Researchers Harmonize Diverse SIEMs with Agentic Rule Translation

Imagine having multiple Security Information and Event Management platforms working in perfect harmony - Singapore researchers have made this a reality by developing a game-changing approach called agentic rule translation, enabling seamless interoperability between diverse SIEMs. This breakthrough simplifies life for teams managing SIEMs and developers building agentic systems that integrate with them.

Analyst 207
Secure-looking ledger on a table surrounded by abstract code representations in a bright, neutral-colored tech facility.

Google Bolsters Android App Security with Public Verification Ledger

Google is stepping up its game to keep your Android apps safe with a new public verification ledger that ensures the Google apps on your device are genuine and exactly as intended. This move builds on its Pixel Binary Transparency feature, now expanding it to all Android production apps.

Analyst 207
Security analysts work in a brightly-lit operations center with screens displaying threat analysis data.

CISA Taps AI Automation to Bolster Threat Analysis Capabilities

With AI automation, CISA analysts can quickly sift through threats, cutting through the noise to focus on what matters most. This tech boost has supercharged their Security Operations Unit, enabling rapid, real-time assessments that help prevent threats from unfolding.

Analyst 207
Close-up of Linux server room with a single workstation and equipment in sharp focus under soft daylight.

Linux Flaw Exposes Millions to Local Privilege Escalation

A critical Linux flaw, known as Copy Fail, has been discovered, exposing millions to potential local privilege escalation attacks - a vulnerability that highlights a deterministic logic error in the Linux kernel's cryptographic subsystem. This flaw, tracked as CVE-2026-31431, was publicly disclosed on April 29, 2026.

Analyst 207
Control room with rows of industrial computers and monitoring systems, operators in background.

CISA Urges Infrastructure Operators to Plan for Extended Isolation

To stay ahead of potential disruptions, critical infrastructure operators must plan for extended isolation - and CISA's CI Fortify initiative is here to help, offering targeted assessments and operational planning to keep essential services running smoothly.

Analyst 207
Modern security operations center interior with personnel at sleek workstations.

BlueVoyant Targets Mature SOCs with AI-Powered SaaS Platform

BlueVoyant's innovative SaaS platform harnesses the power of AI to supercharge security operations, empowering teams to defend customers faster and more effectively. This cutting-edge technology also offers a standalone solution for companies seeking to elevate their SOC capabilities.

Analyst 207
Diverse cybersecurity team gathered around a blank whiteboard in a modern conference room.

CISOs Confront Growing Skills Gap in Cybersecurity Teams

A growing concern for CISOs is the widening skills gap in their cybersecurity teams, with 60% citing a lack of skilled staff as a bigger challenge than filling vacant positions. The right people with the right skills are proving harder to find than more bodies to fill open roles.

Analyst 207
Layered security setup combines circuit board and network diagram components.

Hybrid Crypto Gains Traction in Quantum-Safe Security Push

By combining post-quantum cryptography and quantum key distribution, hybrid crypto approaches provide a robust security solution that protects systems even if one layer is compromised. This layered defense offsets the weaknesses of each, ensuring a stronger safeguard against emerging quantum threats.

Analyst 207
IT professional examines security dashboard with thoughtful expression.

Breach Readiness Lags as Identities Become Prime Attack Surface

To stay ahead of threats, organizations must move beyond generic risk assessments and instead focus on tailored risk management, taking into account the unique business context and technical severity of potential breaches. By doing so, they can harden identity controls, improve governance, and build a stronger defense against cyber attacks.

Analyst 207
Control room interior with industrial control systems and monitoring screens illuminated by daylight from large windows.

CISA Launches CI Fortify to Bolster Critical Infrastructure Resilience

CISA has launched CI Fortify, a groundbreaking initiative that empowers critical infrastructure providers to bolster their defenses and ensure uninterrupted delivery of essential services, even in the face of cyber threats. By investing in resilience measures now, infrastructure owners and operators can safeguard against operational gaps and maintain business continuity during periods of cyber duress.

Analyst 207
Employees work alongside AI technology in a brightly-lit office setting with laptops and papers.

Securing AI Adoption Requires New Risk Oversight Approach

As AI adoption accelerates, organizations are essentially onboarding fast-moving digital colleagues that require a new risk oversight approach - one that acknowledges their unique behavior and risk profile, which differs significantly from human workers. Traditional human-centric controls may not be enough to secure this new digital perimeter.

Analyst 207
Rows of computer workstations with blank screens in a neutral-colored room.

AI Models Reach Hacking Parity, But Reasoning Falters

The AI hacking landscape has reached a major milestone: two top AI models, GPT-5.5 and Anthropic's Mythos Preview, have demonstrated nearly identical capabilities in a rigorous 95-task cybersecurity evaluation, with scores of 71.4% and 68.6% respectively. This parity marks a significant tipping point in the development of AI-powered hacking tools.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room with a subtle hint of a web server…

Apache HTTP Server Flaw Enables DoS and Potential RCE Attacks

A critical flaw in the Apache HTTP Server, known as CVE-2026-23918, can be exploited to launch devastating denial-of-service (DoS) and potential remote code execution (RCE) attacks, putting your online security at risk. This high-severity bug has been patched in Apache HTTP Server version 2.4.67, so updating is crucial to prevent attacks.

Analyst 207
Dimly lit storage room with scattered old computer equipment and faded labels, daylight peeking through grimy windows.

CVE Feeds Overlook End-of-Life Software Vulnerabilities

The blind spot in CVE feeds is leaving end-of-life software vulnerabilities flying under the radar, with a staggering 167,286 false negatives identified in 2025 alone. This oversight can have serious consequences, as outdated software can still be exploited, even if it's no longer receiving patches.

Analyst 207
Smartphone with blank screen on a neutral surface in a blurred research environment.

Google Boosts Bounty Payouts for Elusive Android Exploits

Google just supercharged its bounty program, offering up to $1.5 million for the most elusive Android exploits that require top-notch technical skills to pull off. The biggest prizes go to zero-click, full-chain exploits with persistence, highlighting Google's focus on tackling the toughest security challenges.

Analyst 207
Rows of computer servers and networking equipment glow softly in a data center.

AI Infrastructure Exposes Widespread Security Gaps

A staggering 2 million hosts and 1 million exposed services were uncovered through a simple scan of certificate transparency logs, revealing alarming security gaps in AI infrastructure. The findings painted a concerning picture: most AI projects lack even basic authentication, leaving them vulnerable to exploitation.

Analyst 207
Busy office workspace with employees at desks, laptops, and papers, surrounded by cubicles and office furniture.

AI Adoption Outpaces Security Policies, Heightens Cyber Risk

Most organizations are already using AI tools, with 90% of digital trust professionals confirming employees are leveraging them, yet only 38% have a comprehensive policy in place to manage the risks. This disconnect leaves a staggering 25% of organizations with no AI policy at all, heightening cyber risk.

Analyst 207
Brightly-lit tech room with focused workstation, surrounded by screens and equipment.

NCSC Warns of Impending AI-Driven Patch Surge

Get ready for a surge of software updates, warns the National Cyber Security Centre's CTO, as AI-driven patching is set to uncover and fix long-standing vulnerabilities across your tech stack. Prioritise your external attack surfaces and prepare for a "patch wave" to stay ahead of the threat.

Analyst 207
Laptop screen shows GitHub repository with blurred section, symbolizing restricted access to source code.

NHS Moves to Close-Source GitHub Repos Citing AI Security Risks

The NHS is taking steps to boost security by moving its public GitHub repositories to private access by May 11, amid concerns that AI-powered code analysis could be exploited to uncover sensitive information. This temporary measure aims to prevent unintended disclosure of source code and other critical details.

Analyst 207
Cluttered developer's workspace with laptop, monitors, and notes, hint of GitHub logo on screen.

Microsoft's GitHub troubles expose neglect

Microsoft's recent GitHub troubles have raised red flags about the platform's reliability, sparking concerns among developers, educators, and organisations that rely on it. This comes at a time when Microsoft is pushing users towards paid services and aggressively integrating AI offerings.

Analyst 207