AI agents can now manipulate your organization. Are you ready?
SPONSORED POST: Agents with hands require a hands-on policy
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any …
Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks
What 345 Days of Untested Exposure Looks Like at a Bank
A two-week penetration test can leave roughly 345 days of real-world exposure unvalidated. Sprocket Security explores why continuous testing is becoming critical as attack surfaces…
Autonomous AI Tool Finds 2-Year-Old RCE Flaw in Redis (CVE-2026-23479)
Redis has patched a use-after-free in its blocking-client code that lets an authenticated user run arbitrary OS commands on the machine hosting the database. The flaw was found b…
Microsoft Build: Surface RTX Spark Dev Box, Coreutils for Windows, air-gapped GitHub and more
Execution Containers provide safe environment for running AI agents, while Windows Developer Config aims to make Windows less unpleasant for developers
Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs
Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites. The post Kirki, Burst Statistics WordPress Plugin Flaws…
Security of 100 AI Agents Tested and Ranked – What You Need to Know
The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defense…
Microsoft Fixes One-Click GitHub Dev Attack That Let Attackers Steal OAuth Tokens
Cybersecurity researchers have disclosed a one-click attack via Microsoft Visual Studio Code (VS Code) that makes it possible to steal a user's GitHub token. "Just by clicking a l…
Listen up, England. The Health Secretary is going to be data controller for everyone's Single Patient Record
No, public bucket policy doesn't mean everyone gets a bucket for themselves. Please let Tech do it. Don't go into Settings... NOOOOOO!
Hackers Target Global Stock Exchange in Espionage Operation
The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in Espionage Operation ap…
IMA Diligence Services Data Breach Impacts 525,000 People
The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525,000 People appeared…
Citation, please! UK regulator slaps Google with new publishing rules for search
Action follows Chocolate Factory's changes to AI search results
Malicious Notifications Could Trick Google Gemini Users
A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more.
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousand…
Organizations Warned of Exploited Linux Kernel Vulnerability
An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared f…
Acer working to patch max severity zero-days in Wave 7 routers
Acer is working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. [...]
Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore
Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on win…
AI Used to Decrypt Medieval Ciphers
Researchers are using machine learning algorithms to decrypt historical pencil-and-paper ciphers.
UK banks offered access to OpenAI’s GPT-5.5 amid exclusion from Anthropic’s Glasswing expansion
150 new organizations inducted to cyber’s Soho House, including the first outside the US
‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds
The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘HTTP/2 Bomb’ Exploit Knock…
Unpatched Windows Search URI Vulnerability Lets Attackers Steal NTLMv2 Hashes
Cybersecurity researchers have disclosed details of an unpatched issue that could be exploited to disclose a user's NTLMv2 hash to the attacker. Like in the case of CVE-2026-33829…
Police dismantles 9 crime groups in illegal streaming crackdown
European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]
ZTE and partners nurture global ICT talent through 2026 engineering capacity building program
Global ICT experts gather in Shenzhen to master cutting-edge engineering practices and foster international collaboration
Automattic's CMS empire shows cracks as WordPress share falls
Web publishing giant remains dominant, but 6 straight months of decline suggest era of uninterrupted growth may be over
Global Stock Exchange Hit by Monthslong Email Campaign
A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.
Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fe…
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. …
UK lawmakers call on government to ditch Palantir NHS contract
Lock-in to a small number of suppliers holding up digital government plans, committee says
New HTTP/2 Bomb Vulnerability Allows Remote DoS on NGINX, Apache, IIS, Envoy & Cloudflare
Cybersecurity researchers have discovered a remote denial-of-service exploit that affects major web servers, including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pin…