Skip to main content

Cybersecurity

General cybersecurity news and analysis

Dimly lit server room with a single brightly lit remote access appliance and a blurred login screen on a nearby monitor.

BeyondTrust Software Flaws Expose Risk of Authentication Bypass

Critical software flaws in BeyondTrust's Remote Support and Privileged Remote Access products could allow hackers to bypass authentication and gain unauthorized access, potentially putting your system integrity at risk. Two vulnerabilities, CVE-2026-40138 and CVE-2026-40139, have been identified, highlighting the urgent need for an update.

Analyst 207
Windows 11 laptop on a neutral surface with recovery menu on screen in a minimalist room with ambient daylight.

Microsoft Tests Cloud Rebuild Feature to Streamline Windows 11 Recovery

Say goodbye to tedious reinstallation processes! Microsoft is testing a game-changing Cloud Rebuild feature in Windows 11, allowing users to restore their PC to a clean state with a simple, full OS reinstall - even if Windows won't boot.

Analyst 207
Remote support software appliance on a workbench with a technician in the background.

BeyondTrust Fixes Auth Bypass Flaws in Remote Support Software

BeyondTrust has patched critical flaws in its Remote Support and Privileged Remote Access software that could let hackers take control of affected systems - but you can safeguard yours with a simple update to version 25.3.3 or higher.

Analyst 207
Server setup in a clean lab environment shows signs of vulnerability.

Linux KVM Flaw Lets Guest VMs Escape to Host on Intel, AMD Systems

A newly discovered 16-year-old flaw in Linux's KVM, nicknamed "Januscape," allows guest virtual machines to break free and interact with their host systems on Intel and AMD machines, potentially leading to full host code execution. This vulnerability, tracked as CVE-2026-53359, can cause a host to panic and be exploited for malicious purposes.

Analyst 207
Software development team collaborates around a large table in a modern office space.

Vibe Coding Exposes New Security Risks

The software development landscape is undergoing a seismic shift, evolving from traditional Waterfall and Agile models to a revolutionary conversational era driven by generative AI, also known as Vibe Coding. This new frontier promises to transform the way we create and interact with software.

Analyst 207
Security team member overwhelmed by paperwork and notes, staring at laptop screen with blurred vulnerability list.

AI Exacerbates Vulnerability Prioritization Crisis

The irony of AI-powered vulnerability discovery is that it's creating an overwhelming crisis: despite spotting weaknesses at unprecedented speed and scale, organizations are no safer - just more inundated. The harsh truth is that a vulnerability is just a clue, not risk, and the real challenge lies in prioritizing and assessing true threats.

Analyst 207
Sainsbury's supermarket interior with shoppers and a discreet security camera.

Sainsbury's Expands Facial Recognition to Combat Shoplifting

Sainsbury's is taking a bold stance against shoplifting by expanding its facial recognition technology to nearly 200 stores by 2026, but is this move a step too far for customer privacy? The supermarket giant's system has already shown promising results, with 90 percent of identified individuals choosing not to return.

Analyst 207
Security analysts work in a SOC with a large screen displaying a network graph and various security metrics on a console…

AI SOC Platforms Face Test of Predictive Power

Meet Mike Shannon, Guardant Health's Director of Security Engineering, who's ditched manual queries for Exabot - a game-changing AI solution that's revolutionizing the way security teams operate. By harnessing the power of AI SOC platforms, organizations can now automate core security tasks, freeing up teams to focus on high-stakes threats.

Analyst 207
Vintage computer tapes and documentation scattered in an archive room.

Historic Unix OS KSOS Exposed in Public Archives

Get ready to explore a piece of computing history: the source code for KSOS, a highly secure Unix operating system backed by the US Department of Defense, is now freely available in the archives of The Unix Heritage Society. This remarkable release offers a glimpse into the development of secure operating systems in the 1970s and 80s.

Analyst 207
Close-up of a video cable connected to a monitor with blurred background.

TrojPix Exploits Video Cables to Leak Air-Gapped Data

Meet TrojPix, a sneaky technique that can stealthily siphon air-gapped data at lightning-fast speeds of up to 1 megabyte per second - fast enough to exfiltrate a 100MB file in under two minutes while the monitor appears dark and inactive.

Analyst 207
Browser window with muted notification bar on a computer screen in a quiet indoor setting.

Opera GX Flaw Enables Silent Mod Installs to Steal User Data

Researchers have discovered a security flaw in Opera GX that allows for silent mod installs, potentially putting user data at risk, and surprisingly, this vulnerability can be exploited with just a single page visit. This alarming issue enables malicious mods to be installed without user consent, highlighting a concerning gap in the browser's security.

Analyst 207
Researcher works on laptop in lab while computer screen displays obscured code.

Malicious AI Skills Evade Scanners With Self-Extracting Packing

Researchers have developed a sneaky tool called SKILLCLOAK that can disguise malicious AI skills, making them slip past scanners undetected more than 90% of the time. This unsettling breakthrough challenges the reliability of static AI skill reviews, leaving a gaping hole in security defenses.

Analyst 207
Bank teller sits at desk with laptop, hinting at security vulnerability.

Banks Expose Accounts to Thieves by Making MFA Optional

Leaving multi-factor authentication optional has left countless bank accounts vulnerable to theft, with devastating consequences - just ask the 84-year-old victim who lost nearly $30,000 when thieves exploited this security gap. By making MFA optional, banks are inadvertently rolling out the red carpet for thieves.

Analyst 207
Diverse group gathered around workbench with Flipper Zero device and electronics.

Flipper Zero Firmware Evolves with Community-Driven Model

The Flipper Zero firmware is getting a boost from its vibrant community, with Flipper Devices shifting to a community-driven model to keep up with the demand from over a million users. This change will allow the company to focus on building innovative new devices while still supporting the official firmware.

Analyst 207
Close-up of computer hardware in a data center with cables and equipment.

Confidential Computing Flaws Expose Trust Risks

Researchers have uncovered alarming flaws in confidential computing, including a high-severity vulnerability rated 7.5, which can trick cryptographic systems into verifying the wrong machine, putting trust at risk. This weakness was found in protocols like attested TLS, which failed to ensure sensitive data reaches its intended destination.

Analyst 207
Small industrial control system on a neutral surface with a factory background.

Vulnerabilities in FatFs Filesystem Expose Millions of Embedded Devices to Code Execution

Millions of embedded devices are at risk of code execution due to seven vulnerabilities in the widely-used FatFs filesystem, which can be easily exploited with physical access, effectively leading to a jailbreak. This set of flaws, ranging from medium to high severity, poses a significant threat to device security.

Analyst 207
A dimly lit computer server room with idle equipment and monitors, focusing on a single unattended Linux terminal on a…

Linux Flaw Exposes Unprivileged Users to Root Access

A newly discovered Linux flaw, CVE-2026-46242, allows ordinary users to gain root access to a machine, and even Android devices are vulnerable. This alarming vulnerability, known as Bad Epoll, can be exploited with ease, but thankfully, a working fix is now available.

Analyst 207
Systems administrator looks concerned at computer screen amidst technical equipment.

Error Message Misinterpretation Exposes False Hacking Claim

A simple pause and a couple of words can make all the difference - in this case, changing a supposedly sinister hacking claim into a straightforward hard disk failure. A vice president's misread error message, "General failure reading Drive C:", nearly sparked a security scare before Lee, a quick-thinking sysadmin, got to the bottom of it.

Analyst 207
Laptop connected to external authenticator device in bright office setting.

WebAuthn Integration Breaches Windows RDP Security Gap

Prisma Browser's innovative team successfully integrated WebAuthn redirection into their RDP client, pioneering a secure solution that enables seamless authentication via local devices like YubiKey, Touch ID, or Windows Hello. This game-changing move closed a significant security gap in Windows RDP, paving the way for enhanced remote desktop security.

Analyst 207
Empty chairs surround a podium in a formal conference room with subtle digital technology hints.

Cybersecurity Reframing Fuels Governance Risks

The growing trend of treating social and regulatory issues as cybersecurity threats is blurring the lines between policy debates and governance, with far-reaching consequences. From misinformation to child safety laws, an increasing array of problems are being reframed as cybersecurity risks, changing the way we approach governance and policy.

Analyst 207
Modern office setup with laptop on desk, cityscape through window.

Startup Sues Palo Alto Networks Unit Over AI-Generated Espionage Claims

When a cybersecurity report wrongly labeled MeetingTV a part of a Chinese espionage operation, its CEO knew it was a death sentence - and now the video conferencing startup is fighting back with a lawsuit against Palo Alto Networks and Koi Security. MeetingTV alleges the report, generated by AI, was reckless and falsely accused it of criminal conduct.

Analyst 207
Cluttered workspace with laptop, smartphone, and papers, with blurred screen and urban view outside.

Google Cloud billing dispute escalates over $11,000 hijack charges

Developer Charles Jones was hit with a whopping $11,089.77 in Google Cloud charges after his account was hijacked, despite reporting the compromise and revoking the implicated keys. The unexpected charges, largely linked to Gemini image-generation models, left him stunned as his business doesn't even use such technology.

Analyst 207
Empty corporate IT room with server racks and workstations, one out-of-focus laptop screen visible.

Kaspersky Compromise Assessments Reveal Persistent Detection Gaps

Kaspersky's 2025 Compromise Assessment analysis reveals a shocking truth: 60% of incidents go undetected due to a lack of reliable alerts from existing tools, while manual detection accounts for only 20% of discovered threats. This blind spot allows threats to hide for alarmingly long periods, with 30.8% of incidents having a dwell time of over three months.

Analyst 207
Person holds credit card, looking concerned in front of blurred retail store background.

Card Data Theft Exposes Persistent US Consumer Vulnerability

Nearly half of US consumers are on high alert for card data theft, naming it their top fraud worry. A recent Capco survey found 46% of respondents citing card and card data theft as their biggest concern, beating out identity theft and other financial security threats.

Analyst 207