Cybersecurity
General cybersecurity news and analysis

Microsoft Urges iPhone Users to Reauthenticate After Outlook Outage
If you're an iPhone user who relies on Outlook, you may need to re-enter your login credentials to access your account after a global outage hit the service. Microsoft has confirmed the issue is resolved, but iOS users will need to manually sign in again through the default Mail app.

NCSC Warns of Flawed SOC Metrics
The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Microsoft Fixes Entra ID Flaw That Enabled Service Principal Takeovers
Microsoft has patched a vulnerability in Entra ID that allowed hackers to hijack service principals, potentially leading to full takeover of sensitive systems. A security researcher discovered the flaw, which stemmed from overly broad permissions in the Agent ID Administrator role.

Healthcare Breaches Decline, But Lax Email Security Persists
Alarmingly, nearly three-quarters of breached healthcare organizations had weak email defenses, with 74% either lacking a DMARC policy or having it set to monitor-only mode, leaving them vulnerable to attacks.

Senators Probe Navigate360 Over Hacked Student Data
Senators Maggie Hassan and Jim Banks are demanding answers from Navigate360 after a cyberattack compromised its anonymous tip line, putting the sensitive data of students, staff, and schools at risk. The breach allegedly exposed 93 gigabytes of data, sparking concerns over the safety and security of those who rely on the company's services.

Academics Crack 15th-Century Diplomatic Cipher
Meet Pedro de Ayala, a 15th-century diplomat who took infosec to new heights by encrypting sensitive royal gossip with clever symbols - only to have his secrets cracked 500 years later by some codebreaking academics. His creative encryption method, which combined symbol substitutions with deliberate omissions, kept his messages safe from prying eyes for centuries.

FTC Warns of $2.1 Billion Losses to Social Media Scams
Scammers are making a killing on social media, with nearly one-third of reported losses - a whopping $2.1 billion - originating from these platforms in 2025, according to the FTC. That's an eightfold increase in just five years, making social media a primary target for scammers to swindle unsuspecting consumers.

Crypto Launderer Sentenced to 70 Months for $230M Heist Role
Meet Evan Tangeman, a 22-year-old crypto launderer who lived large on stolen millions, racking up half-million-dollar nightclub tabs and luxury cars, before getting sentenced to 70 months in prison for his role in a $230M heist. His lavish lifestyle, fueled by greed, came crashing down with a guilty plea and a lengthy prison term.

Cybersecurity Salaries Stagnate Amid Rising Threats and Workloads
Despite the rising demand for cybersecurity experts, a shocking 71% of infosec pros worldwide - and 77% in the UK - have seen their salaries stagnate over the past year, leaving them lagging behind their peers in other tech fields.

Vulnerability Discovery Outpaces Remediation Infrastructure
The latest AI-powered vulnerability discovery tool, Anthropic's Claude Mythos Preview, can identify a massive number of security risks at unprecedented speed, raising crucial questions about whether organizations can keep up with remediation. With AI outpacing human teams, the real challenge now is turning these findings into actionable fixes.

Microsoft Adds Pause Option to Windows Updates
Microsoft is putting you in the driver's seat with its latest update: you can now pause Windows Updates for a longer period, giving you more control over when and how you update your system. This new feature is a direct result of your feedback, and it's designed to minimize disruptions caused by untimely updates.

Cybersecurity Pros Feel Undervalued as Pay Lags
Cybersecurity pros are feeling underappreciated and overworked, with over 75% not getting a pay rise last year and nearly half feeling undervalued. This disconnect is sparking dissatisfaction, with many considering a career move.

Identity Management Wrestles with AI-Driven Risks
The rapid evolution of Artificial Intelligence is a double-edged sword for IT leaders, bringing unprecedented opportunities for efficiency, but also sophisticated threats and complex identity management challenges. As organizations adopt autonomous digital workers, they must navigate the tension between harnessing AI's power and mitigating its risks to trust and identity.

Researchers Uncover Fast16 Malware That Preceded Stuxnet
Meet fast16.sys, a sneaky kernel driver that intercepts and modifies executable code as it's read from disk, giving its creators unprecedented control over the storage stack and filesystem. This boot-start filesystem component was a game-changer in its time, and researchers are still unraveling its secrets.

Anthropic's AI Model Exposes Code Flaws, But Limitations Remain
Meet Mythos, a game-changing AI tool that automates code auditing with impressive accuracy, but isn't quite a magic bullet for uncovering entirely new software flaws. It's highly effective at spotting known vulnerabilities, but its capabilities are still limited to what humans have taught it.

Cal.com Shifts Away From Open Source Amid AI-Driven Security Concerns
Cal.com is ditching open source, citing AI-driven security risks that make transparent code a liability. Its CEO claims open source is dead, as AI tools empower attackers to exploit published code like never before.

Microsoft Overhauls Windows Insider Program to Address Reliability Concerns
Microsoft has heard your frustration loud and clear: the unpredictable rollout of new features in the Windows Insider Program has left many testers feeling confused and left behind. The company is now shaking things up to bring simplicity and reliability back to the program.

CISA Flags Four Exploited Vulnerabilities, Sets Federal Patch Deadline
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged four actively exploited vulnerabilities, urging Federal Civilian Executive Branch (FCEB) agencies to patch or discontinue use of affected systems by May 8, 2026. These critical flaws, detailed in CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant threat to cybersecurity and must be addressed promptly.

Mail Exploited to Track Dutch Naval Ship with Hidden Bluetooth Device
A clever journalist working for Omroep Gelderland successfully tracked a Dutch naval ship for nearly a day using a sneaky hidden Bluetooth tracker sent via postcard - all thanks to publicly available instructions on how to pull off the trick. This eye-opening experiment reveals just how easy it can be to compromise security with a little creativity and some off-the-shelf tech.

TekStream Bolsters Proactive Security with ImagineX Cyber Acquisition
TekStream is taking a proactive approach to security with its acquisition of ImagineX's cyber business, expanding its services to help prevent incidents and align security strategies with business goals. This strategic move bolsters TekStream's offerings with advisory, GRC, and vulnerability management capabilities.

Shadow AI Agents Emerge as Hidden Risk in Enterprises
As companies rush to adopt AI, a hidden risk is emerging: shadow AI agents operating outside of traditional IT control, leaving many organizations in the dark about where they exist, what they're connected to, and what actions they're taking. This growing visibility gap poses a significant operational risk, driven by teams experimenting with AI independently, often without fully understanding the security implications.

Microsoft Revamps Windows Update to Curb Disruptive Restarts
Microsoft is shaking up its Windows Update process to put you in the driver's seat, giving you more control over when updates happen and minimizing those pesky, disruptive restarts. The change comes after hearing from thousands of users, with 7,621 verbatims, about the need for a smoother update experience.

Microsoft Bolsters Entra with Passkey Support on Windows
Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Linux Flaw Exposes Users to Root Access Attacks
A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software updates to protect your Linux setup.