Skip to main content

Cybersecurity

General cybersecurity news and analysis

Metropolitan Police Stunning facial tech proven effective

Metropolitan Police Stunning facial tech proven effective

The Metropolitan Police say live facial recognition deployments across London led to 962 arrests — a headline-grabbing claim that suggests real operational impact. Supporters call it a breakthrough, while critics warn it raises serious questions about bias, privacy and oversight.

Analyst 207
Weekly Recap: Exclusive Critical Cybersecurity Roundup

Weekly Recap: Exclusive Critical Cybersecurity Roundup

When trusted cameras, everyday utilities and even Endpoint Detection and Response tools can be turned against their owners in a single week, security teams are left asking: what’s actually safe? This roundup breaks down three converging trends—BadCam firmware exploits, critical WinRAR‑style flaws, and novel strikes on EDR—and what defenders need to watch now.

Analyst 207
BankBot-YNRK Exclusive: Critical Trojans Steal Funds

BankBot-YNRK Exclusive: Critical Trojans Steal Funds

If your phone suddenly knows more about your bank account than you do, this is why: researchers uncovered banking trojans BankBot‑YNRK and DeliveryRAT that harvest credentials, hijack sessions, and even dodge detection by spotting emulators and sandboxes. They spread through sideloaded or re‑packaged apps and abuse high‑risk permissions to steal funds and control devices.

Analyst 207
HttpTroy Exclusive: Dangerous VPN Invoice Backdoor in Korea

HttpTroy Exclusive: Dangerous VPN Invoice Backdoor in Korea

HttpTroy exposes a dangerous VPN invoice backdoor in Korea. Find out how attackers are slipping into billing systems and what you can do to stay protected.

Analyst 207
Attackers Reinstall Malware on Cisco: Stunning Risk

Attackers Reinstall Malware on Cisco: Stunning Risk

Meet BADCANDY — an implant that watches for removal and quietly reinstalls itself on unpatched Cisco IOS XE devices, turning cleanup into a dangerous game of whack-a-mole that puts enterprise networks and critical infrastructure at risk. If you manage routers or switches, consider this your wake-up call to inventory, patch, and harden before attackers make persistence permanent.

Analyst 207
Nation-State Hackers Deploy Dire Exclusive Airstalk Malware

Nation-State Hackers Deploy Dire Exclusive Airstalk Malware

Think your MDM keeps devices safe? Think again — a suspected nation-state is using the AirWatch API to deploy Airstalk malware, hijacking trusted management channels to stealthily compromise fleets of phones.

Analyst 207
China-Linked Hackers Exploit Windows Flaw: Exclusive Threat

China-Linked Hackers Exploit Windows Flaw: Exclusive Threat

What looks like a harmless Windows shortcut can be a Trojan at the gate—China-linked UNC6384 used malicious .lnk files in ZIPs to invoke PowerShell and DLL sideloading, quietly breaching diplomatic and government targets across Europe in Sept–Oct 2025.

Analyst 207
China-Linked Tick Group Exclusive: Critical Lanscope 0-day

China-Linked Tick Group Exclusive: Critical Lanscope 0-day

Think of it as the patch arriving after someone already walked through the door — a critical CVE‑2025‑61932 (CVSS 9.3) zero‑day in Motex Lanscope has been weaponized in the wild by the China‑linked Tick group. The flaw allows unauthenticated SYSTEM‑level command execution on on‑prem Lanscope servers, so if you run Lanscope, find exposed instances, isolate them from untrusted networks, and apply mitigations or updates immediately.

Analyst 207
Chinese-Linked Hackers Stunning Windows Spy Damages Envoys

Chinese-Linked Hackers Stunning Windows Spy Damages Envoys

Chinese-linked UNC6384 is exploiting a Windows vulnerability to plant stealthy spyware in diplomatic and commercial networks—an unsettling upgrade in tradecraft that challenges whether governments, companies, and users can patch porous defenses before quiet probes turn into loud alarms.

Analyst 207
Locked shield overlays cityscape at dusk, with glowing laptop and phone, symbolizing digital protection and growth amidst…

MSP Cybersecurity Must-Have: Best Practices for Growth

Managed service providers can turn mounting cybersecurity pressure into growth by delivering scalable, repeatable security and clear proof of remediation. Meet clients demands for patch logs, backup safeguards, and third‑party validation—and you protect customers while standing out in a crowded market.

Analyst 207
Clearview AI Faces Stunning, Damaging Complaint in Austria

Clearview AI Faces Stunning, Damaging Complaint in Austria

Austria’s criminal complaint against Clearview AI escalates a cross-border privacy showdown, turning years of regulatory scrutiny into potential criminal liability. If regulators can pursue firms across borders, what protection remains for people whose faces sit in scraped databases?

Analyst 207
NHS Exclusive: Critical PCs Blocked from Windows 11 Rollout

NHS Exclusive: Critical PCs Blocked from Windows 11 Rollout

A handful of suppliers refusing to sign off on Windows 11 compatibility are forcing NHS trusts to pause upgrades—pitting vital clinical continuity against security and compliance and leaving staff to decide which devices come first.

Analyst 207
CISA Exclusive: Critical VMware Zero-Day in Active Attacks

CISA Exclusive: Critical VMware Zero-Day in Active Attacks

When a tool meant to simplify management becomes an intruder’s doorway, you need to act fast. CISA has added CVE-2025-41244 to its Known Exploited Vulnerabilities list after active attacks on VMware Tools and Aria Operations — patch or mitigate immediately.

Analyst 207
macOS Must-Have Security Stops Admin Errors Effortlessly

macOS Must-Have Security Stops Admin Errors Effortlessly

Stop administrative mistakes before they become breaches: a must-have macOS safeguard quietly blocks accidental mic/camera permissions, insecure SMB v1 shares, and other everyday missteps attackers exploit. Keep the convenience you need without handing adversaries an open door.

Analyst 207
Broken crown lies on cracked asphalt with shattered glass and debris, laptop and smartphone nearby.

Elementor King Addons Exclusive Flaw Hits 10k Sites

A widespread flaw in Elementor King Addons has now affected over 10,000 sites. Find out what went wrong and the quick steps you can take right now to protect your site.

Analyst 207
Dark cityscape with ominous server room and silhouetted figures huddled around a laptop screen.

Threat Actors Utilize AdaptixC2: Exclusive Critical Attacks

It’s alarming: attackers are hijacking AdaptixC2—an emulation framework built for defenders—to run stealthy, hard-to-disrupt ransomware campaigns, forcing security teams to rethink the tools they once trusted.

Analyst 207
Shadow AI: Stunning Risk as 1 in 4 Use Unapproved Tools

Shadow AI: Stunning Risk as 1 in 4 Use Unapproved Tools

What if a quarter of your team were quietly sharing company secrets with unapproved AI? Shadow AI—employees turning to consumer models to speed tasks—is convenient but can expose PII, IP and trigger costly compliance headaches.

Analyst 207
Postcode Lottery Exclusive: Damaging Data Slip

Postcode Lottery Exclusive: Damaging Data Slip

People’s Postcode Lottery says a “technical error” briefly exposed some customer data and has since fixed the fault. But with no clear details on what leaked, how many were affected, or what protections are being offered, customers are understandably left wondering who will cover the fallout.

Analyst 207
France Stunning Matrix Shift Proves Costly

France Stunning Matrix Shift Proves Costly

France’s bold bet on Matrix—meant to reclaim digital sovereignty by decentralizing messaging—has instead produced tangled integrations, federation headaches, and a heavier bill than officials expected. Now policymakers are scrambling to decide who pays and how fast a state can escape the proprietary-messaging status quo.

Analyst 207
Cracked smartphone screen with shattered lock and cityscape background, symbolizing security breach and vulnerability.

Chromium Critical Flaw: Exclusive Unpatched Alert

An unpatched Chromium flaw in the Blink rendering engine can crash browsers — and even freeze whole machines — in seconds, creating a real operational and security risk. If you manage desktops, kiosks or enterprise systems, this is one bug you need to take seriously now.

Analyst 207
Chrome Mandates HTTPS in 2026: Exclusive Best Practices

Chrome Mandates HTTPS in 2026: Exclusive Best Practices

Big news: in October 2026 Chrome 154 will default to HTTPS-only connections and refuse to load plain HTTP, risking instant traffic loss for sites that dont upgrade. Our exclusive best practices show how to implement TLS quickly, prevent downtime, and keep your users safe.

Analyst 207
EY Exposes 4TB SQL DB: Exclusive Critical Breach

EY Exposes 4TB SQL DB: Exclusive Critical Breach

When the vault is unlocked: a researcher reportedly found a 4TB SQL DB backup tied to EY sitting exposed on the open web, potentially leaking vast amounts of sensitive data. Its a blunt wake‑up call — backups must be encrypted, access‑restricted, and treated as compromised the moment theyre reachable.

Analyst 207
Signal: Stunning Post-Quantum Crypto Promises Best Security

Signal: Stunning Post-Quantum Crypto Promises Best Security

Signal quietly rolled out a clever post-quantum ratchet that layers quantum‑safe keying alongside its trusted Double Ratchet, preserving forward secrecy while guarding against harvest now, decrypt later attacks. The result is elegant and low‑risk: the protections users know and auditors trust, plus resilience to powerful future quantum computers.

Analyst 207
Automated Botnet Attacks Exclusive: Critical PHP, IoT Surge

Automated Botnet Attacks Exclusive: Critical PHP, IoT Surge

Think of the internet as a house with unlocked doors—automated botnets are testing every handle, exploiting PHP flaws, IoT devices, and cloud misconfigurations to swell their ranks. If you run servers or smart devices, patch, change defaults, and lock things down now.

Analyst 207