Cybersecurity
General cybersecurity news and analysis

NCSC Endorses Passkeys as Default Login Method
The UK's National Cyber Security Centre now recommends passkeys as the default login method, marking a significant shift away from passwords. This endorsement comes after a year of collaboration with industry and notable improvements in passkey technology.

Weak Passwords Expose Firms to Data Loss Risk
One careless decision - using the same easily-guessable password across multiple environments - left a client vulnerable to disaster, despite a hefty investment in security tools. A simple password like "admin123" pinned in a shared Slack channel created a single point of failure that put the entire system at risk.

NCSC Endorses Passkeys Over Passwords in New Guidance
Say goodbye to password headaches! The UK's National Cyber Security Centre now recommends passkeys as a user-friendly alternative that provides stronger resilience, making it easier to log in securely.

Apple Fixes iOS Flaw That Preserved Deleted Signal Notifications
Apple has fixed a frustrating iOS flaw that was causing deleted Signal notifications to stick around, and you can get the solution by updating your iPhone or iPad to the latest software version. The update addresses a logging issue that allowed deleted notifications to be retained on the device.

Apple patches iOS flaw that retained deleted notification data
Apple fixed a security flaw in its iOS system that was storing deleted notifications, and released emergency updates on April 22, 2026, to address the issue. The out-of-band fixes, available in iOS and iPadOS updates, ensure that deleted notifications are now properly erased from your device.

NCSC Unveils SilentGlass to Secure Monitors from Cyber-Attacks
Meet SilentGlass, a game-changing plug-and-play device that shields your monitors from cyber threats with unprecedented ease, protecting your business's vulnerable IT infrastructure. This innovative solution actively blocks malicious attacks between HDMI or DisplayPort connections and monitor screens, safeguarding even the most high-threat cybersecurity environments.

UK Bolsters Cybersecurity with £90m Funding and Resilience Push
The UK government is stepping up its cyber defence game with a £90m funding boost to help small and medium-sized businesses bolster their cyber resilience and protect against growing online threats. This move aims to support organisations in implementing essential cyber security standards.

Wi-Fi Encryption Flaws Expose Enterprises to AirSnitch Attacks
Enterprises are in grave danger of being hacked through their Wi-Fi networks, as newly discovered AirSnitch attacks can bypass WPA2 and WPA3-Enterprise encryption, exposing sensitive credentials and backend systems to both insider and remote threats. This critical vulnerability undermines the very foundations of wireless network security.

AI Reshapes Cybersecurity With Renewed Focus on Fundamentals
Artificial intelligence is revolutionizing cybersecurity by refocusing efforts on timeless fundamentals, empowering agencies to make informed decisions with the help of established frameworks like the NIST Cybersecurity Framework. By layering new AI-related risks over existing ones, Cheri Pascoe, Director of the National Cybersecurity Center of Excellence at NIST, highlights the need for a strategic approach to tackle these emerging threats.

Microsoft Teams Introduces Efficiency Mode to Optimize Performance on Low-Resource PCs
Boost your Microsoft Teams experience on low-resource PCs with the upcoming Efficiency Mode, rolling out in May 2026, which optimizes performance by adjusting video resolution and app behavior for a seamless experience. This update will breathe new life into hardware-constrained devices, ensuring responsiveness and meeting quality don't suffer.

Google Deploys AI Security Agents to Counter Emerging Threats
Google is ramping up its cybersecurity game by deploying AI-powered security agents that can detect and fix threats at lightning-fast speeds, with human oversight to ensure these digital defenders stay on track. By leveraging its full AI stack, Google aims to stay ahead of emerging threats and revolutionize its defense strategy.

Microsoft Graph API Change Disrupts Universal Print Sharing
Microsoft revealed that a recent code change to the Microsoft Graph API caused a ripple effect, introducing a critical error that disrupted Universal Print sharing and left many users in a frustrating limbo. The error sparked a chain reaction, exposing a long-standing issue that prevented share operations from completing as expected.

Microsoft Fixes ASP.NET Core Bug That Enables Privilege Escalation
Microsoft just patched a critical bug in ASP.NET Core that could let hackers escalate their privileges and take control - and they've already released an out-of-band update to fix it. The flaw, tracked as CVE-2026-40372, carries a near-perfect CVSS score of 9.1, indicating a high severity threat.

Terrarium Sandbox Flaw Enables Code Execution, Container Escape
A critical flaw in Terrarium's sandbox, rated 9.3 on the CVSS scale, allows attackers to break free from container constraints and execute code with root privileges. This alarming vulnerability, tracked as CVE-2026-5752, stems from a JavaScript prototype chain traversal that lets sandboxed code run amok on the host Node.js process.

Microsoft Disrupts ASP.NET Flaw Allowing SYSTEM Privilege Escalation
Microsoft has patched a critical ASP.NET Core vulnerability, CVE-2026-40372, that allowed unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges on affected devices. This fix addresses a flaw in the ASP.NET Core Data Protection cryptographic APIs that could be exploited for privilege escalation.

Mozilla Sees AI-Powered Bug Detection as Game-Changer for Security
Mozilla's CTO, Bobby Holley, exclaims that AI-powered bug detection is a game-changer for security, giving defenders a decisive edge. This innovative technology, tested on Firefox releases, has already uncovered hundreds of vulnerabilities, outpacing traditional automated fuzzers and human researchers.

Airbus Bolsters Cyber Defenses with Quarkslab Acquisition
Airbus is bolstering its cyber defenses with the acquisition of Paris-based Quarkslab, aiming to become a trusted, sovereign partner for French authorities and a major player in European cybersecurity. This move will help build a robust digital shield to protect nations and allies from evolving cyber threats.

Managed Detection and Response Targets Gaps in Cyber Defenses
State, local, tribal, and territorial organizations, along with their schools, are facing a perfect storm of rising cyber threats, limited staff, and tight budgets - making it tough to stay ahead of attacks. Managed Detection and Response can help bridge the gaps in their cyber defenses, providing the support and visibility needed to respond quickly and effectively.

Enterprises Face Identity Crisis as Machine Access Surges
As AI agents increasingly reshape enterprise operations and defenses, a new reality sets in: machine identities are surging, outnumbering human users and introducing unprecedented risks that are autonomous, fast-moving, and difficult to control. This seismic shift demands attention, as organizations scale AI and transform their attack surfaces and decision flows.

Europe Mandates 2030 Deadline for Post-Quantum Cryptography Rollout
The French National Cybersecurity Agency is urging a proactive approach to post-quantum cryptography, warning that the transition to quantum-resistant algorithms is a long-term effort that must be initiated now. France has set a 2030 deadline for ministries to deploy post-quantum encryption for sensitive systems.

Thin Posts, Fat Fixes: A Week in the Stack
Last week's coverage ran thin, and it wasn't a drop in editorial standards - it was plumbing. Some feeds handed us a paragraph and a link, and the generator wrote from what it had. Here's what broke, what I fixed, and why a one-line fetch took most of a day.

Vulnerabilities Expose 20,000 Serial-to-IP Converters to Hijacking Risk
A shocking 20,000 serial-to-IP converters are at risk of being hijacked due to newly discovered vulnerabilities, putting countless systems and data in jeopardy. Cybersecurity experts at Forescout Research Vedere Labs have uncovered 22 flaws in popular models from leading manufacturers Lantronix and Silex.

Threat Response Times Hinge on Smart SOC Design
When a breach occurs, the clock is ticking - and the cost of delayed response can be crippling, with every hour of inaction threatening data exfiltration, service disruption, regulatory exposure, and brand damage. A smart SOC design can be the difference between a swift response and a devastating fallout.

Fraud Prevention Evolves to Balance Security and User Experience
The age-old trade-off between security and user experience is no longer a given - in fact, it's possible to boost security without slowing down your customers. By combining identity, device, and network signals, businesses can effectively block fraud while providing a seamless experience for legitimate users.