Vulnerability Management
Apple Fixes iOS Flaw That Preserved Deleted Signal Notifications
Apple has fixed a frustrating iOS flaw that was causing deleted Signal notifications to stick around, and you can get the solution by updating your iPhone or iPad to the latest software version. The update addresses a logging issue that allowed deleted notifications to be retained on the device.
Apple patches iOS flaw that retained deleted notification data
Apple fixed a security flaw in its iOS system that was storing deleted notifications, and released emergency updates on April 22, 2026, to address the issue. The out-of-band fixes, available in iOS and iPadOS updates, ensure that deleted notifications are now properly erased from your device.
UK Bolsters Cybersecurity with £90m Funding and Resilience Push
The UK government is stepping up its cyber defence game with a £90m funding boost to help small and medium-sized businesses bolster their cyber resilience and protect against growing online threats. This move aims to support organisations in implementing essential cyber security standards.
Microsoft Fixes ASP.NET Core Bug That Enables Privilege Escalation
Microsoft just patched a critical bug in ASP.NET Core that could let hackers escalate their privileges and take control - and they've already released an out-of-band update to fix it. The flaw, tracked as CVE-2026-40372, carries a near-perfect CVSS score of 9.1, indicating a high severity threat.
Terrarium Sandbox Flaw Enables Code Execution, Container Escape
A critical flaw in Terrarium's sandbox, rated 9.3 on the CVSS scale, allows attackers to break free from container constraints and execute code with root privileges. This alarming vulnerability, tracked as CVE-2026-5752, stems from a JavaScript prototype chain traversal that lets sandboxed code run amok on the host Node.js process.
Microsoft Disrupts ASP.NET Flaw Allowing SYSTEM Privilege Escalation
Microsoft has patched a critical ASP.NET Core vulnerability, CVE-2026-40372, that allowed unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges on affected devices. This fix addresses a flaw in the ASP.NET Core Data Protection cryptographic APIs that could be exploited for privilege escalation.
Mozilla Sees AI-Powered Bug Detection as Game-Changer for Security
Mozilla's CTO, Bobby Holley, exclaims that AI-powered bug detection is a game-changer for security, giving defenders a decisive edge. This innovative technology, tested on Firefox releases, has already uncovered hundreds of vulnerabilities, outpacing traditional automated fuzzers and human researchers.
Europe Mandates 2030 Deadline for Post-Quantum Cryptography Rollout
The French National Cybersecurity Agency is urging a proactive approach to post-quantum cryptography, warning that the transition to quantum-resistant algorithms is a long-term effort that must be initiated now. France has set a 2030 deadline for ministries to deploy post-quantum encryption for sensitive systems.
Vulnerabilities Expose 20,000 Serial-to-IP Converters to Hijacking Risk
A shocking 20,000 serial-to-IP converters are at risk of being hijacked due to newly discovered vulnerabilities, putting countless systems and data in jeopardy. Cybersecurity experts at Forescout Research Vedere Labs have uncovered 22 flaws in popular models from leading manufacturers Lantronix and Silex.
AI Advances Vulnerability Discovery, Raises Bar for Defenders
The game-changing AI system, Mythos, has made significant strides in vulnerability discovery, revealing software flaws with unprecedented depth - but does this progress signal a sigh of relief or a surge of concern for defenders? As automated discovery advances, it's clear that Mythos is a crucial step forward, not a sudden collapse of security efforts.
Google Fixes Antigravity Flaw That Enabled Code Execution
Google's Antigravity tool, designed to streamline coding, had a flaw that allowed hackers to run malicious code - but luckily, the tech giant has patched the vulnerability. This fix prevents cyber threats that could have exploited the tool's file-creation capabilities and lax input sanitization.
GreyNoise Tracks Emerging Edge-Device Vulnerabilities in Network 'Background Noise
Imagine if the hum of internet chatter could predict the next big security threat - GreyNoise researchers have cracked the code, uncovering a pattern in network background noise that signals impending edge-device vulnerabilities. This breakthrough offers defenders a crucial early-warning system to stay ahead of emerging threats.
AI Models Turbocharge Vulnerability Discovery
Imagine a world where AI models don't just help find software bugs, but actually behave like expert security researchers - that's the reality we're facing, and it's changing the vulnerability discovery game. Frontier AI models are now capable of autonomously discovering zero-day vulnerabilities and speeding up patching processes.
Firms Scramble to Secure AI-Generated Code
As AI-generated code becomes more prevalent, a pressing question emerges: how much attention should security teams give to code produced by artificial intelligence? The surprising answer: a lot, with 58% of organizations dedicating over 10 hours a month to securing it.
Microsoft Issues Emergency Update to Fix Windows Server Restart Loop
Microsoft has released an emergency update to fix a critical issue causing some Windows Server devices to get stuck in a restart loop after a recent update. This out-of-band update aims to quickly resolve the problem and prevent further disruptions.
MCP Flaw Exposes AI Supply Chain to Remote Code Execution Risk
A critical flaw in the Model Context Protocol could allow attackers to run malicious code across dependent machines, posing a remote code execution risk that ripples through the AI supply chain. This structural weakness, discovered by cybersecurity researchers, highlights a vulnerable link in the AI ecosystem.
Microsoft Fixes Windows Server Issues with Emergency Updates
Microsoft has released emergency updates to fix critical issues with Windows Server systems that arose after installing the April 2026 security updates, ensuring administrators can safeguard their systems without worrying about unexpected server trouble. These out-of-band updates provide a swift remedy for problems introduced by the routine security patches.
NIST Scales Back Vulnerability Ratings Amid Surge in Submissions
The National Institute of Standards and Technology is overhauling its vulnerability rating system, scaling back severity scores for lower-priority flaws as submissions surge. This change means some software flaws will no longer get a severity score, shifting focus to the most critical vulnerabilities.
AI Vendors Downplay Role in Security Vulnerabilities
AI vendors are caught in a contradictory spin cycle, urging companies to rely on AI to combat threats while downplaying security flaws, leaving customers wondering who's truly responsible for safeguarding their systems. When vulnerabilities arise, these vendors often claim it's simply their AI working as intended - a response that only fuels concerns about their maturity and accountability.
Protobuf library flaw enables remote JavaScript code execution
A critical flaw in the popular protobuf.js library has been exposed, allowing hackers to execute JavaScript code remotely - and a proof-of-concept exploit has already been published, putting countless systems at risk.
AI Models Accelerate Vulnerability Research, Raising Cybersecurity Risks
Commercial AI models are rapidly advancing vulnerability research and exploit development, cutting the time from discovery to exploitation and significantly raising the stakes for cybersecurity. This emerging trend poses new and heightened risks for the industry.
Apple Rushes Fix for iPhone Passcode Bug
Locked out of your iPhone for months? Apple is finally on the case, rushing to fix a frustrating passcode bug that's left some users feeling stuck - and even considering a switch to Android.
NIST Curtails CVE Enrichment Amid Vulnerability Surge
The National Institute of Standards and Technology (NIST) is overhauling its approach to enriching entries in the National Vulnerability Database (NVD) due to a staggering 263% surge in vulnerability submissions. To keep pace, NIST will now prioritize enrichment for only the most critical entries that meet specific conditions.
Microsoft patches trigger reboot loops in some Windows servers
Microsoft's latest security updates have caused some Windows servers to malfunction, triggering frustrating reboot loops that can bring entire authentication backbones to a grinding halt. This unexpected issue raises serious concerns about the reliability of enterprise updates.