Cybersecurity
General cybersecurity news and analysis

India Warns WhatsApp Over Username Rollout Citing Security Risks
India's Ministry of Electronics and Information Technology has warned WhatsApp to halt its global rollout of a new usernames feature, citing security risks, and given the Meta-owned platform just three days to respond. The move has sparked concerns over regulatory action and the protection of user data.

Identity Lifecycle Management Struggles to Govern AI Agents
Traditional identity lifecycle management systems were designed with humans in mind, relying on HR data to dictate access and permissions. But with AI agents on the rise, this approach is no longer enough.

Microsoft Resolves Outlook Copilot Button Glitch with Service Update
Microsoft has fixed a frustrating glitch in Classic Outlook that caused the Copilot button to vanish for some users, and the solution was rolled out as a service update on June 29, 2026. The update restored access to Copilot features, which were still available through other Microsoft 365 entry points.

Opera Introduces Paste Protect to Thwart ClickFix Attacks
Opera's new Paste Protect feature helps keep you safe from sneaky ClickFix attacks by automatically blocking suspicious copy actions that could land malware on your device. This clever tool outsmarts scammers who try to trick you into pasting malicious commands, protecting you from unwanted surprises.

NCSC Offers Guidance on Thwarting Penetration Testers
Want to make life harder for hackers? The National Cyber Security Centre teamed up with penetration testers to share practical tips on building secure systems from the ground up.

Physical Security Lapses Grant Hackers Network Admin Access
Meet Kristopher Johnson and Michael, two expert red teamers who walked into a company's office through an unlocked maintenance door, posing as new IT employees, and gained access to the building by simply offering to help shovel ice. Their easy entry exposed a shocking truth: physical security lapses can give hackers an open invitation to wreak havoc on your network.

Papa Johns Taps Data to Target Hungry Shoppers
By teaming up with Instacart, NBCUniversal, and Carat, Papa Johns successfully reached hungry shoppers at the perfect moment - when their fridges were running low on essentials. This clever approach used data to target consumers when they were most likely to crave a delicious pizza.

Schneider Electric Software Vulnerability Exposes Industrial Facilities to Risk
A newly discovered vulnerability in Schneider Electric's Floating License Manager could put industrial facilities at risk, allowing attackers to exploit a weakness in the FlexNet Publisher component. This security gap stems from a hardcoded OpenSSL configuration path that can be manipulated to load malicious DLLs.

OpenClaw Ecosystem Exposes Users to Growing Security Risks
With around 530 vulnerabilities discovered in under two years, the OpenClaw ecosystem poses a growing security threat to its users, putting their sensitive data at risk. Its design, while user-friendly, may be inadvertently leaving users exposed.

Post-Quantum Cryptography Gains Urgent Momentum
In a major milestone, over 70% of human-generated HTTPS requests are now secured with post-quantum key exchange, according to Cloudflare's latest telemetry data, marking a significant leap towards a more secure digital future. This rapid adoption signals that post-quantum cryptography is no longer just an experiment, but a vital protection for billions of online requests every day.

Adobe Fixes CVSS 10.0 Flaws in ColdFusion and Campaign Classic
Adobe is racing against the clock to keep you safe, with emergency updates for ColdFusion and Campaign Classic that squash critical flaws allowing hackers to wreak havoc. The timely patches fix vulnerabilities that could lead to devastating attacks, from code execution to security breaches.

Criminal IP Enhances OpenCTI with Contextual Threat Intelligence Integration
Unlock the full potential of your threat intelligence with Criminal IP's integration with OpenCTI, providing rich contextual insights to supercharge investigation, correlation, and decision-making. By adding dual-perspective risk scoring, analysts gain a more nuanced view of IP risks, with separate signals for inbound and outbound threats.

Cybersecurity Awareness Outpaces Resilience
Despite having a high awareness of cyber risks, many organizations are struggling to build operational resilience, with gaps in visibility, capability, priorities, and culture hindering their ability to effectively manage threats. The 2026 Bitdefender Cybersecurity Assessment reveals a concerning disconnect between knowing the risks and taking action to mitigate them.

Microsoft Accelerates Post-Quantum Cryptography Migration to 2029
Microsoft is speeding up its transition to post-quantum cryptography, aiming to integrate quantum-safe security into its critical products and services by 2029, in response to rapid advancements in quantum computing. This accelerated timeline is part of its effort to stay ahead of emerging threats and secure trust chains.

Microsoft Restores GIF Functionality in Windows Emoji Panel After Provider Shutdown
Microsoft has restored GIF functionality in the Windows Emoji Panel after a brief outage caused by the retirement of the Tenor GIF service, and has since switched to a new provider, GIPHY, to keep the fun going. The update, KB5095093, fixes the issue that left some users seeing a "GIF service is not available" message.

Microsoft Accelerates Post-Quantum Cryptography Push by 2029
Microsoft is speeding up its post-quantum cryptography push, aiming to complete the transition by 2029, as advances in quantum research increase the urgency to protect against potential cyber threats. The move is driven by the risk of cryptographically relevant quantum computers emerging sooner than expected, capable of cracking current encryption methods.

Citrix Discloses High-Severity NetScaler Flaw with CitrixBleed Echoes
Citrix has uncovered a high-severity flaw in its NetScaler appliances, adding to concerns about the trend of fragile memory management in these systems, which can lead to sensitive data leaks with just a misconfiguration. This latest vulnerability, CVE-2026-8451, was discovered by watchTowr researchers and is part of six newly disclosed vulnerabilities in Citrix's NetScaler ADC and Gateway appliances.

Citrix Fixes Flaws in NetScaler Software Exposing Users to File Reads and DoS Attacks
Citrix has patched six high-risk vulnerabilities in its NetScaler software, including flaws that could expose users to file reads and devastating denial-of-service attacks. These critical updates address issues with CVSS scores as high as 8.8, emphasizing the urgent need for users to apply the fixes.

Organizations Lag in AI Usage Visibility, Exposing Security Gaps
Most organizations are flying blind when it comes to AI usage, with nearly half of respondents citing internal AI systems and Large Language Models as their top security concern, yet many still underestimate the risks of employees sharing sensitive data with public LLMs. This blind spot leaves a gaping hole in their security defenses.

Microsoft Warns AI Agents Can Leak Data via Poisoned Tool Descriptions
A single line of plain text can unwittingly turn a helpful AI agent into a stealthy data thief, exposing sensitive information through a vulnerability in the Model Context Protocol (MCP). This fast-growing attack surface has Microsoft warning of a potentially disastrous trust boundary breach.

Infosec Pros Ditch Automated Pentesting Tools Amid AI Vulnerability Failures
Infosec pros are ditching automated pentesting tools as they fail to detect AI-driven vulnerabilities, with 78% of practitioners experiencing critical false negatives. Humans are needed to outsmart AI-era flaws that automated scanners miss.

Federal Agencies Modernize Security with Zero Trust Architecture
Federal agencies are revolutionizing their security approach with Zero Trust Architecture, shifting from mere compliance to a robust operational framework that enables seamless mobility, cloud modernization, and AI-driven decision making. By embracing this cutting-edge strategy, leaders are transforming their organizations to stay ahead of emerging threats.

DHS Revives Cybersecurity Council for Critical Infrastructure
The Department of Homeland Security is launching the Alliance of National Councils for Homeland Operational Resilience – Critical Infrastructure program to boost cybersecurity coordination between government agencies and private sector partners. This new initiative aims to bring together experts from various fields to tackle the latest threats and protect critical infrastructure.

iOS AI Apps Expose API Keys, Open AI Proxy Access
Nearly two-thirds of AI chatbot apps for iPhone, that's 282 out of 444 tested, are leaking sensitive API keys, leaving users' data vulnerable to exposure through open AI proxy access. This alarming discovery highlights a critical security gap in many popular iOS AI apps.