Cybersecurity
General cybersecurity news and analysis

Microsoft Bolsters Entra with Passkey Support on Windows
Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Linux Flaw Exposes Users to Root Access Attacks
A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software updates to protect your Linux setup.

Windows RPC Exposes New Local Privilege Escalation Technique
A newly discovered technique allows hackers to easily escalate their privileges to SYSTEM level on Windows systems, using a vulnerability in the Remote Procedure Call stack. This alarming exploit relies on clever manipulation of Security Quality of Service parameters and impersonation levels.

Linux Kernel Faces Large-Scale Device Support Cuts
The Linux kernel is set for a major overhaul, with plans to cut support for dozens of outdated devices, including ancient network cards and legacy parallel-port hardware, freeing up thousands of lines of code and reducing the maintenance burden. This could slash nearly 30,000 lines of code, just from Ethernet device removals alone.

Open Source Models Challenge Dominance in Automated Bug Finding
The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and complex vulnerabilities, thanks to a phenomenon he terms "supralinear scaling".

Microsoft Update Disrupts Remote Desktop Security Warnings
Microsoft's latest update aimed at boosting Remote Desktop security may have an unintended consequence: a display-scaling bug that makes crucial security warnings hard to read or even unreadable. This glitch comes at a critical time, as the update was designed to protect against phishing attacks that exploit .rdp files.

Governance Gaps Exposed in AI Agent Deployments
To safely deploy AI agents, enterprises must first tighten up governance for the humans, bots, and machine identities that serve as their authority sources, since AI agents aren't independent actors but rather delegated ones. By reframing AI governance as a delegation issue, we can shift the focus from novelty to effective oversight.

Mandiant VP Warns of Resurgent Cybersecurity Risks in AI Deployments
As organizations rush to adopt AI, they're reviving long-standing cybersecurity failures, warns Mandiant VP Jurgen Kutscher, who urges a focus on basic security controls over new AI-specific threats. Neglecting these fundamentals leaves AI-enabled environments vulnerable to measurable operational weaknesses.

Microsoft Unveils Option to Uninstall Copilot on Enterprise Devices
Microsoft just made it easier for IT admins to breathe a sigh of relief: you can now uninstall Copilot from enterprise devices without any disruptions. The new RemoveMicrosoftCopilotApp policy setting is here to give you more control over your organization's devices.

Flaws in EV Charger Security Expose Cities to Denial-of-Service Attacks
A security researcher recently demonstrated how easily electric vehicle chargers can be hacked, leaving cities vulnerable to denial-of-service attacks with just a few clicks. In a stunning Black Hat Asia presentation, he showed how typing a simple charger ID into a custom-built script could instantly render a charging port useless.

Frontier AI Exposes Gaps in Traditional Security Programs
Imagine having the power to replicate a full year’s worth of manual penetration testing in just three weeks - that's the reality with frontier AI, which has exposed significant gaps in traditional security programs. Palo Alto Networks and Unit 42 have revealed that advanced models like Anthropic Mythos can autonomously identify software vulnerabilities and adapt to defensive controls in near-real-time.

FBI Extracts Signal Messages from iPhone Push Notification Records
In a surprising forensic discovery, the FBI was able to extract Signal messages from an iPhone's notification database, even after the app was deleted, by exploiting a loophole that stores message previews on the lock screen. This finding raises significant concerns about iPhone users' message security.

Cloudsmith Bolsters Software Supply-Chain Security with $72M Raise
Cloudsmith just secured $72 million to supercharge its artifact management platform and take software supply-chain security to the next level. With a strong artifact management layer in place, companies can enjoy the added benefit of a secure software supply chain.

UK Cyber Agency Unveils Device to Secure Computer Monitors
Meet SilentGlass, a game-changing plug-and-play device that easily secures computer monitors from cyber threats, protecting vulnerable IT infrastructure like never before. Developed by the UK's National Cyber Security Centre, this innovative gadget is set to revolutionize desktop security.

Proton CEO Warns Age Checks Threaten Online Anonymity
Proton CEO Andy Yen warns that mandatory online age checks could spell the end of anonymity, forcing every adult to surrender their ID just to access the internet. He argues that efforts to protect minors will inevitably sweep in adults, creating an ID checkpoint that threatens online freedom.

Anthropic's Claude Mythos Exposes AI Vulnerability Risks
The recent exposure of Anthropic's Claude Mythos highlights a chilling reality: AI tools designed to improve software quality can be easily repurposed to accelerate vulnerability discovery for malicious ends. This underscores the growing threat of AI-powered attacks, as malicious actors exploit commercial tools with minimal friction.

Password Resets Expose Vulnerability in Corporate Security
Did you know that password resets can cost companies a whopping $70 each, and with stolen credentials involved in nearly 45% of breaches, it's clear that corporate security is vulnerable to attack.

Apple Fixes iOS Bug Exposing Deleted Message Content
Apple just dropped an emergency update to squash a pesky iOS bug that let deleted messages linger on your device - and it's already patched in iOS 26.4.2 and iPadOS 26.4.2. The fix tackles a Notification Services flaw that allowed deleted alerts to persist, putting your private info at risk.

Microsoft Edge update disrupts Teams meeting joins for some users
A recent Microsoft Edge update has caused a frustrating issue for some users, preventing them from joining Microsoft Teams meetings. Microsoft is aware of the problem and is working to resolve it, but for now, affected users are left hanging.

Flaws in Hybrid Cloud Tools Expose Dual Attack Surfaces
Researchers have uncovered four vulnerabilities in Microsoft's Windows Admin Center, exposing a dual attack surface in hybrid cloud tools that may be flying under your radar. If left unmonitored, this unmanaged attack surface can leave your organization vulnerable to potential threats.

AI-Powered Vulnerability Discovery Outpaces Remediation
The AI-powered Mythos model discovered a staggering number of vulnerabilities, including a 27-year-old bug in OpenBSD and a four-bug exploit chain that bypassed browser and OS defenses, with fewer than 1% of these vulnerabilities patched. This led Anthropic to delay a public release and share the findings with tech giants like Apple and Microsoft to prioritize patching.

Google Unveils AI Agent Identity Platform to Tackle New Identity Risks
Google is stepping up its game in AI security with a new platform that gives autonomous software agents their own unique identities, ensuring that every action is verified, recorded, and accountable. This move towards zero-trust verification means organizations can trust their AI agents to act with integrity and transparency.

UK Cyber Agency Unveils Anti-Malware Gadget for Display Devices
Meet SilentGlass, a game-changing anti-malware device from the UK's National Cyber Security Centre that shields your display screens and monitors from cyber threats with unprecedented ease. This innovative gadget is now available for commercial use, protecting vulnerable IT infrastructure like never before.

CISA Mandates Patching of Exploited BlueHammer Flaw in Federal Systems
Don't let your federal systems become an easy target: CISA is mandating the patching of the exploited BlueHammer flaw to prevent malicious cyber actors from gaining a foothold. A high-severity vulnerability in Microsoft Defender can allow low-privileged users to gain SYSTEM permissions - but a patch is available.