Skip to main content

Cybersecurity

General cybersecurity news and analysis

Person holding iPhone with Mail app login screen in quiet, well-lit setting.

Microsoft Urges iPhone Users to Reauthenticate After Outlook Outage

If you're an iPhone user who relies on Outlook, you may need to re-enter your login credentials to access your account after a global outage hit the service. Microsoft has confirmed the issue is resolved, but iOS users will need to manually sign in again through the default Mail app.

Analyst 207
Security analysts work at desks in a bright, modern operations center with a central workstation and empty chair.

NCSC Warns of Flawed SOC Metrics

The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Analyst 207
Security expert examines laptop in lab setting with tech equipment and AI hints.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers

Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Analyst 207
Hospital administrative area with computer and printer, emphasizing email security.

Healthcare Breaches Decline, But Lax Email Security Persists

Alarmingly, nearly three-quarters of breached healthcare organizations had weak email defenses, with 74% either lacking a DMARC policy or having it set to monitor-only mode, leaving them vulnerable to attacks.

Analyst 207
Blurred computer screen in empty school hallway conveys concern and vulnerability.

Senators Probe Navigate360 Over Hacked Student Data

Senators Maggie Hassan and Jim Banks are demanding answers from Navigate360 after a cyberattack compromised its anonymous tip line, putting the sensitive data of students, staff, and schools at risk. The breach allegedly exposed 93 gigabytes of data, sparking concerns over the safety and security of those who rely on the company's services.

Analyst 207
Scholars' workspace with candlelit manuscript and scattered parchments.

Academics Crack 15th-Century Diplomatic Cipher

Meet Pedro de Ayala, a 15th-century diplomat who took infosec to new heights by encrypting sensitive royal gossip with clever symbols - only to have his secrets cracked 500 years later by some codebreaking academics. His creative encryption method, which combined symbol substitutions with deliberate omissions, kept his messages safe from prying eyes for centuries.

Analyst 207
Person looks concerned while surrounded by laptop, smartphone, and tablet in a brightly lit living room.

FTC Warns of $2.1 Billion Losses to Social Media Scams

Scammers are making a killing on social media, with nearly one-third of reported losses - a whopping $2.1 billion - originating from these platforms in 2025, according to the FTC. That's an eightfold increase in just five years, making social media a primary target for scammers to swindle unsuspecting consumers.

Analyst 207
Government building interior with judge's bench and US Attorney's seal, daylight through tall windows.

Crypto Launderer Sentenced to 70 Months for $230M Heist Role

Meet Evan Tangeman, a 22-year-old crypto launderer who lived large on stolen millions, racking up half-million-dollar nightclub tabs and luxury cars, before getting sentenced to 70 months in prison for his role in a $230M heist. His lavish lifestyle, fueled by greed, came crashing down with a guilty plea and a lengthy prison term.

Analyst 207
Person sitting at desk with laptop and papers, surrounded by empty office spaces, with a neutral and slightly concerned…

Cybersecurity Salaries Stagnate Amid Rising Threats and Workloads

Despite the rising demand for cybersecurity experts, a shocking 71% of infosec pros worldwide - and 77% in the UK - have seen their salaries stagnate over the past year, leaving them lagging behind their peers in other tech fields.

Analyst 207
Modern office interior with rows of workstations and computer equipment.

Vulnerability Discovery Outpaces Remediation Infrastructure

The latest AI-powered vulnerability discovery tool, Anthropic's Claude Mythos Preview, can identify a massive number of security risks at unprecedented speed, raising crucial questions about whether organizations can keep up with remediation. With AI outpacing human teams, the real challenge now is turning these findings into actionable fixes.

Analyst 207
Person sitting at desk with laptop, looking thoughtful in a bright home office.

Microsoft Adds Pause Option to Windows Updates

Microsoft is putting you in the driver's seat with its latest update: you can now pause Windows Updates for a longer period, giving you more control over when and how you update your system. This new feature is a direct result of your feedback, and it's designed to minimize disruptions caused by untimely updates.

Analyst 207
Cybersecurity professional sits at cluttered desk with multiple monitors, showing a subtle expression of frustration.

Cybersecurity Pros Feel Undervalued as Pay Lags

Cybersecurity pros are feeling underappreciated and overworked, with over 75% not getting a pay rise last year and nearly half feeling undervalued. This disconnect is sparking dissatisfaction, with many considering a career move.

Analyst 207
A lone workstation glows brightly in a dimly lit server room with rows of computer servers in the background.

Identity Management Wrestles with AI-Driven Risks

The rapid evolution of Artificial Intelligence is a double-edged sword for IT leaders, bringing unprecedented opportunities for efficiency, but also sophisticated threats and complex identity management challenges. As organizations adopt autonomous digital workers, they must navigate the tension between harnessing AI's power and mitigating its risks to trust and identity.

Analyst 207
Researcher working on computer in laboratory setting with technical equipment.

Researchers Uncover Fast16 Malware That Preceded Stuxnet

Meet fast16.sys, a sneaky kernel driver that intercepts and modifies executable code as it's read from disk, giving its creators unprecedented control over the storage stack and filesystem. This boot-start filesystem component was a game-changer in its time, and researchers are still unraveling its secrets.

Analyst 207
Software developer's workstation with laptop, notes, and papers, set against a blurred office background.

Anthropic's AI Model Exposes Code Flaws, But Limitations Remain

Meet Mythos, a game-changing AI tool that automates code auditing with impressive accuracy, but isn't quite a magic bullet for uncovering entirely new software flaws. It's highly effective at spotting known vulnerabilities, but its capabilities are still limited to what humans have taught it.

Analyst 207
Person holding a blueprint of a bank vault in a modern office setting.

Cal.com Shifts Away From Open Source Amid AI-Driven Security Concerns

Cal.com is ditching open source, citing AI-driven security risks that make transparent code a liability. Its CEO claims open source is dead, as AI tools empower attackers to exploit published code like never before.

Analyst 207
Person sits at laptop with hands on keyboard, surrounded by minimalist decor and soft daylight.

Microsoft Overhauls Windows Insider Program to Address Reliability Concerns

Microsoft has heard your frustration loud and clear: the unpredictable rollout of new features in the Windows Insider Program has left many testers feeling confused and left behind. The company is now shaking things up to bring simplicity and reliability back to the program.

Analyst 207
Federal agency office with computer workstation, papers, and laptop, conveying urgency and remediation.

CISA Flags Four Exploited Vulnerabilities, Sets Federal Patch Deadline

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged four actively exploited vulnerabilities, urging Federal Civilian Executive Branch (FCEB) agencies to patch or discontinue use of affected systems by May 8, 2026. These critical flaws, detailed in CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant threat to cybersecurity and must be addressed promptly.

Analyst 207
A postcard on a wooden table with a small Bluetooth device beside it.

Mail Exploited to Track Dutch Naval Ship with Hidden Bluetooth Device

A clever journalist working for Omroep Gelderland successfully tracked a Dutch naval ship for nearly a day using a sneaky hidden Bluetooth tracker sent via postcard - all thanks to publicly available instructions on how to pull off the trick. This eye-opening experiment reveals just how easy it can be to compromise security with a little creativity and some off-the-shelf tech.

Analyst 207
Modern office conference room with large table and high-backed chairs near floor-to-ceiling windows.

TekStream Bolsters Proactive Security with ImagineX Cyber Acquisition

TekStream is taking a proactive approach to security with its acquisition of ImagineX's cyber business, expanding its services to help prevent incidents and align security strategies with business goals. This strategic move bolsters TekStream's offerings with advisory, GRC, and vulnerability management capabilities.

Analyst 207
Dimly lit server room with blurred-out equipment and subtle hints of hidden devices.

Shadow AI Agents Emerge as Hidden Risk in Enterprises

As companies rush to adopt AI, a hidden risk is emerging: shadow AI agents operating outside of traditional IT control, leaving many organizations in the dark about where they exist, what they're connected to, and what actions they're taking. This growing visibility gap poses a significant operational risk, driven by teams experimenting with AI independently, often without fully understanding the security implications.

Analyst 207
Person planning on a calendar with a laptop and papers nearby.

Microsoft Revamps Windows Update to Curb Disruptive Restarts

Microsoft is shaking up its Windows Update process to put you in the driver's seat, giving you more control over when updates happen and minimizing those pesky, disruptive restarts. The change comes after hearing from thousands of users, with 7,621 verbatims, about the need for a smoother update experience.

Analyst 207
Windows computer on a desk with a laptop screen showing an authentication prompt and a nearby smartphone, in a bright…

Microsoft Bolsters Entra with Passkey Support on Windows

Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Analyst 207
Linux workstation with terminal open in dimly lit lab, surrounded by technical notes.

Linux Flaw Exposes Users to Root Access Attacks

A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software updates to protect your Linux setup.

Analyst 207