Skip to main content

Cybersecurity

General cybersecurity news and analysis

Windows computer on a desk with a laptop screen showing an authentication prompt and a nearby smartphone, in a bright…

Microsoft Bolsters Entra with Passkey Support on Windows

Say goodbye to passwords! Microsoft is bolstering Entra with passkey support on Windows, allowing users to authenticate with a face scan, fingerprint, or PIN for added security and convenience.

Analyst 207
Linux workstation with terminal open in dimly lit lab, surrounded by technical notes.

Linux Flaw Exposes Users to Root Access Attacks

A major Linux flaw, dubbed "Pack2TheRoot," has been hiding in plain sight for 12 years, allowing attackers with local access to gain root permissions and wreak havoc on your system - but a patch has finally been released to squash it. This medium-severity vulnerability, scoring 8.8 out of 10, highlights the importance of staying on top of software updates to protect your Linux setup.

Analyst 207
A typical office workstation with a blank laptop screen in the foreground.

Windows RPC Exposes New Local Privilege Escalation Technique

A newly discovered technique allows hackers to easily escalate their privileges to SYSTEM level on Windows systems, using a vulnerability in the Remote Procedure Call stack. This alarming exploit relies on clever manipulation of Security Quality of Service parameters and impersonation levels.

Analyst 207
Older computer network card centered on a neutral surface with soft ambient light.

Linux Kernel Faces Large-Scale Device Support Cuts

The Linux kernel is set for a major overhaul, with plans to cut support for dozens of outdated devices, including ancient network cards and legacy parallel-port hardware, freeing up thousands of lines of code and reducing the maintenance burden. This could slash nearly 30,000 lines of code, just from Ethernet device removals alone.

Analyst 207
Speaker at podium in conference setting with blurred audience and gradient visuals on screen.

Open Source Models Challenge Dominance in Automated Bug Finding

The impressive performance of Anthropic's Mythos in automated bug finding, which uncovered 271 Firefox flaws, has been called into question by Ari Herbert-Voss, who argues that open-source models can be just as effective. Herbert-Voss suggests that Mythos's success can be attributed to its ability to detect both simple and complex vulnerabilities, thanks to a phenomenon he terms "supralinear scaling".

Analyst 207
Person working remotely on laptop with security warning on screen.

Microsoft Update Disrupts Remote Desktop Security Warnings

Microsoft's latest update aimed at boosting Remote Desktop security may have an unintended consequence: a display-scaling bug that makes crucial security warnings hard to read or even unreadable. This glitch comes at a critical time, as the update was designed to protect against phishing attacks that exploit .rdp files.

Analyst 207
Professional interacts with futuristic AI system interface on large screen in corporate setting.

Governance Gaps Exposed in AI Agent Deployments

To safely deploy AI agents, enterprises must first tighten up governance for the humans, bots, and machine identities that serve as their authority sources, since AI agents aren't independent actors but rather delegated ones. By reframing AI governance as a delegation issue, we can shift the focus from novelty to effective oversight.

Analyst 207
Empty conference hall with podium and blurred laptop screen.

Mandiant VP Warns of Resurgent Cybersecurity Risks in AI Deployments

As organizations rush to adopt AI, they're reviving long-standing cybersecurity failures, warns Mandiant VP Jurgen Kutscher, who urges a focus on basic security controls over new AI-specific threats. Neglecting these fundamentals leaves AI-enabled environments vulnerable to measurable operational weaknesses.

Analyst 207
A laptop on a clean desk in a brightly-lit office with a blurred screen in the background.

Microsoft Unveils Option to Uninstall Copilot on Enterprise Devices

Microsoft just made it easier for IT admins to breathe a sigh of relief: you can now uninstall Copilot from enterprise devices without any disruptions. The new RemoveMicrosoftCopilotApp policy setting is here to give you more control over your organization's devices.

Analyst 207
Public EV charging station with one inactive charger in city square.

Flaws in EV Charger Security Expose Cities to Denial-of-Service Attacks

A security researcher recently demonstrated how easily electric vehicle chargers can be hacked, leaving cities vulnerable to denial-of-service attacks with just a few clicks. In a stunning Black Hat Asia presentation, he showed how typing a simple charger ID into a custom-built script could instantly render a charging port useless.

Analyst 207
Large computer screen displays complex network diagram in modern lab setting.

Frontier AI Exposes Gaps in Traditional Security Programs

Imagine having the power to replicate a full year’s worth of manual penetration testing in just three weeks - that's the reality with frontier AI, which has exposed significant gaps in traditional security programs. Palo Alto Networks and Unit 42 have revealed that advanced models like Anthropic Mythos can autonomously identify software vulnerabilities and adapt to defensive controls in near-real-time.

Analyst 207
iPhone lock screen with a notification showing a blurred message preview.

FBI Extracts Signal Messages from iPhone Push Notification Records

In a surprising forensic discovery, the FBI was able to extract Signal messages from an iPhone's notification database, even after the app was deleted, by exploiting a loophole that stores message previews on the lock screen. This finding raises significant concerns about iPhone users' message security.

Analyst 207
Modern tech facility interior with people working in background and sleek workstation in foreground.

Cloudsmith Bolsters Software Supply-Chain Security with $72M Raise

Cloudsmith just secured $72 million to supercharge its artifact management platform and take software supply-chain security to the next level. With a strong artifact management layer in place, companies can enjoy the added benefit of a secure software supply chain.

Analyst 207
Small hardware device on a plain surface with a monitor cable running through it in a bright conference setting.

UK Cyber Agency Unveils Device to Secure Computer Monitors

Meet SilentGlass, a game-changing plug-and-play device that easily secures computer monitors from cyber threats, protecting vulnerable IT infrastructure like never before. Developed by the UK's National Cyber Security Centre, this innovative gadget is set to revolutionize desktop security.

Analyst 207
Person holds smartphone with blurred screen, looking concerned in front of public library.

Proton CEO Warns Age Checks Threaten Online Anonymity

Proton CEO Andy Yen warns that mandatory online age checks could spell the end of anonymity, forcing every adult to surrender their ID just to access the internet. He argues that efforts to protect minors will inevitably sweep in adults, creating an ID checkpoint that threatens online freedom.

Analyst 207
Security team works at a workstation with multiple monitors in a brightly-lit operations center overlooking a cityscape.

Anthropic's Claude Mythos Exposes AI Vulnerability Risks

The recent exposure of Anthropic's Claude Mythos highlights a chilling reality: AI tools designed to improve software quality can be easily repurposed to accelerate vulnerability discovery for malicious ends. This underscores the growing threat of AI-powered attacks, as malicious actors exploit commercial tools with minimal friction.

Analyst 207
Helpdesk worker sits at cluttered desk, staring at computer screen with password reset page.

Password Resets Expose Vulnerability in Corporate Security

Did you know that password resets can cost companies a whopping $70 each, and with stolen credentials involved in nearly 45% of breaches, it's clear that corporate security is vulnerable to attack.

Analyst 207
Smartphone screen shows partially deleted message with blurred text in notification panel.

Apple Fixes iOS Bug Exposing Deleted Message Content

Apple just dropped an emergency update to squash a pesky iOS bug that let deleted messages linger on your device - and it's already patched in iOS 26.4.2 and iPadOS 26.4.2. The fix tackles a Notification Services flaw that allowed deleted alerts to persist, putting your private info at risk.

Analyst 207
Person working at desk with computer and calendar, preparing for a virtual meeting.

Microsoft Edge update disrupts Teams meeting joins for some users

A recent Microsoft Edge update has caused a frustrating issue for some users, preventing them from joining Microsoft Teams meetings. Microsoft is aware of the problem and is working to resolve it, but for now, affected users are left hanging.

Analyst 207
Hybrid cloud management interface with exposed sections on a laptop screen.

Flaws in Hybrid Cloud Tools Expose Dual Attack Surfaces

Researchers have uncovered four vulnerabilities in Microsoft's Windows Admin Center, exposing a dual attack surface in hybrid cloud tools that may be flying under your radar. If left unmonitored, this unmanaged attack surface can leave your organization vulnerable to potential threats.

Analyst 207
Secure facility with workstations and laptop showing code on screen.

AI-Powered Vulnerability Discovery Outpaces Remediation

The AI-powered Mythos model discovered a staggering number of vulnerabilities, including a 27-year-old bug in OpenBSD and a four-bug exploit chain that bypassed browser and OS defenses, with fewer than 1% of these vulnerabilities patched. This led Anthropic to delay a public release and share the findings with tech giants like Apple and Microsoft to prioritize patching.

Analyst 207
Sleek technology lab setting with futuristic devices and laptop on minimalist workbench.

Google Unveils AI Agent Identity Platform to Tackle New Identity Risks

Google is stepping up its game in AI security with a new platform that gives autonomous software agents their own unique identities, ensuring that every action is verified, recorded, and accountable. This move towards zero-trust verification means organizations can trust their AI agents to act with integrity and transparency.

Analyst 207
A small gadget, roughly the size of a dongle, sits beside a modern display device on a neutral-colored surface.

UK Cyber Agency Unveils Anti-Malware Gadget for Display Devices

Meet SilentGlass, a game-changing anti-malware device from the UK's National Cyber Security Centre that shields your display screens and monitors from cyber threats with unprecedented ease. This innovative gadget is now available for commercial use, protecting vulnerable IT infrastructure like never before.

Analyst 207
Brightly-lit federal IT operations room with Windows-based computer systems.

CISA Mandates Patching of Exploited BlueHammer Flaw in Federal Systems

Don't let your federal systems become an easy target: CISA is mandating the patching of the exploited BlueHammer flaw to prevent malicious cyber actors from gaining a foothold. A high-severity vulnerability in Microsoft Defender can allow low-privileged users to gain SYSTEM permissions - but a patch is available.

Analyst 207