Cybersecurity
General cybersecurity news and analysis

AI Agents Expose Governance Gaps in Enterprise Identity Security
As AI agents become increasingly integral to enterprise operations, a concerning gap is emerging: the rapid adoption of AI is outpacing the development of essential governance policies to secure identities and access. Discover how this vulnerability impacts corporate applications and what you can do to protect your organization.

The Hacker News Launches Cybersecurity Stars Awards to Honor Industry Excellence
The Hacker News is shining a spotlight on the unsung heroes of cybersecurity with the launch of the Cybersecurity Stars Awards 2026, a global recognition program that celebrates the outstanding teams, leaders, and products making a real difference in the industry. Submissions are now open, offering a chance for innovators to showcase their work and be honored for their meaningful contributions.

AI-BOMs Emerge to Secure Enterprise AI Supply Chains
Imagine biting into a mysterious birthday cake without knowing its ingredients or who baked it - that's what it's like for enterprises trying to secure their AI supply chains without visibility into the components used to build their AI systems. Traditional software bills of materials just aren't cutting it in this new landscape.

Teens Exploit Age Checks with Simple Facial Manipulation Tactics
Kids are outsmarting age checks with a surprisingly simple trick: drawing on a fake mustache. This clever tactic allows them to bypass age verification systems with ease.

Singapore Researchers Harmonize Diverse SIEMs with Agentic Rule Translation
Imagine having multiple Security Information and Event Management platforms working in perfect harmony - Singapore researchers have made this a reality by developing a game-changing approach called agentic rule translation, enabling seamless interoperability between diverse SIEMs. This breakthrough simplifies life for teams managing SIEMs and developers building agentic systems that integrate with them.

Google Bolsters Android App Security with Public Verification Ledger
Google is stepping up its game to keep your Android apps safe with a new public verification ledger that ensures the Google apps on your device are genuine and exactly as intended. This move builds on its Pixel Binary Transparency feature, now expanding it to all Android production apps.

CISA Taps AI Automation to Bolster Threat Analysis Capabilities
With AI automation, CISA analysts can quickly sift through threats, cutting through the noise to focus on what matters most. This tech boost has supercharged their Security Operations Unit, enabling rapid, real-time assessments that help prevent threats from unfolding.

Linux Flaw Exposes Millions to Local Privilege Escalation
A critical Linux flaw, known as Copy Fail, has been discovered, exposing millions to potential local privilege escalation attacks - a vulnerability that highlights a deterministic logic error in the Linux kernel's cryptographic subsystem. This flaw, tracked as CVE-2026-31431, was publicly disclosed on April 29, 2026.

CISA Urges Infrastructure Operators to Plan for Extended Isolation
To stay ahead of potential disruptions, critical infrastructure operators must plan for extended isolation - and CISA's CI Fortify initiative is here to help, offering targeted assessments and operational planning to keep essential services running smoothly.

BlueVoyant Targets Mature SOCs with AI-Powered SaaS Platform
BlueVoyant's innovative SaaS platform harnesses the power of AI to supercharge security operations, empowering teams to defend customers faster and more effectively. This cutting-edge technology also offers a standalone solution for companies seeking to elevate their SOC capabilities.

CISOs Confront Growing Skills Gap in Cybersecurity Teams
A growing concern for CISOs is the widening skills gap in their cybersecurity teams, with 60% citing a lack of skilled staff as a bigger challenge than filling vacant positions. The right people with the right skills are proving harder to find than more bodies to fill open roles.

Hybrid Crypto Gains Traction in Quantum-Safe Security Push
By combining post-quantum cryptography and quantum key distribution, hybrid crypto approaches provide a robust security solution that protects systems even if one layer is compromised. This layered defense offsets the weaknesses of each, ensuring a stronger safeguard against emerging quantum threats.

Breach Readiness Lags as Identities Become Prime Attack Surface
To stay ahead of threats, organizations must move beyond generic risk assessments and instead focus on tailored risk management, taking into account the unique business context and technical severity of potential breaches. By doing so, they can harden identity controls, improve governance, and build a stronger defense against cyber attacks.

CISA Launches CI Fortify to Bolster Critical Infrastructure Resilience
CISA has launched CI Fortify, a groundbreaking initiative that empowers critical infrastructure providers to bolster their defenses and ensure uninterrupted delivery of essential services, even in the face of cyber threats. By investing in resilience measures now, infrastructure owners and operators can safeguard against operational gaps and maintain business continuity during periods of cyber duress.

Securing AI Adoption Requires New Risk Oversight Approach
As AI adoption accelerates, organizations are essentially onboarding fast-moving digital colleagues that require a new risk oversight approach - one that acknowledges their unique behavior and risk profile, which differs significantly from human workers. Traditional human-centric controls may not be enough to secure this new digital perimeter.

AI Models Reach Hacking Parity, But Reasoning Falters
The AI hacking landscape has reached a major milestone: two top AI models, GPT-5.5 and Anthropic's Mythos Preview, have demonstrated nearly identical capabilities in a rigorous 95-task cybersecurity evaluation, with scores of 71.4% and 68.6% respectively. This parity marks a significant tipping point in the development of AI-powered hacking tools.

Apache HTTP Server Flaw Enables DoS and Potential RCE Attacks
A critical flaw in the Apache HTTP Server, known as CVE-2026-23918, can be exploited to launch devastating denial-of-service (DoS) and potential remote code execution (RCE) attacks, putting your online security at risk. This high-severity bug has been patched in Apache HTTP Server version 2.4.67, so updating is crucial to prevent attacks.

CVE Feeds Overlook End-of-Life Software Vulnerabilities
The blind spot in CVE feeds is leaving end-of-life software vulnerabilities flying under the radar, with a staggering 167,286 false negatives identified in 2025 alone. This oversight can have serious consequences, as outdated software can still be exploited, even if it's no longer receiving patches.

Google Boosts Bounty Payouts for Elusive Android Exploits
Google just supercharged its bounty program, offering up to $1.5 million for the most elusive Android exploits that require top-notch technical skills to pull off. The biggest prizes go to zero-click, full-chain exploits with persistence, highlighting Google's focus on tackling the toughest security challenges.

AI Infrastructure Exposes Widespread Security Gaps
A staggering 2 million hosts and 1 million exposed services were uncovered through a simple scan of certificate transparency logs, revealing alarming security gaps in AI infrastructure. The findings painted a concerning picture: most AI projects lack even basic authentication, leaving them vulnerable to exploitation.

AI Adoption Outpaces Security Policies, Heightens Cyber Risk
Most organizations are already using AI tools, with 90% of digital trust professionals confirming employees are leveraging them, yet only 38% have a comprehensive policy in place to manage the risks. This disconnect leaves a staggering 25% of organizations with no AI policy at all, heightening cyber risk.

NCSC Warns of Impending AI-Driven Patch Surge
Get ready for a surge of software updates, warns the National Cyber Security Centre's CTO, as AI-driven patching is set to uncover and fix long-standing vulnerabilities across your tech stack. Prioritise your external attack surfaces and prepare for a "patch wave" to stay ahead of the threat.

NHS Moves to Close-Source GitHub Repos Citing AI Security Risks
The NHS is taking steps to boost security by moving its public GitHub repositories to private access by May 11, amid concerns that AI-powered code analysis could be exploited to uncover sensitive information. This temporary measure aims to prevent unintended disclosure of source code and other critical details.

Microsoft's GitHub troubles expose neglect
Microsoft's recent GitHub troubles have raised red flags about the platform's reliability, sparking concerns among developers, educators, and organisations that rely on it. This comes at a time when Microsoft is pushing users towards paid services and aggressively integrating AI offerings.