Hungarian cops cuff suspected swatter after two-year FBI probe
20-year-old fessed up after investigators found video of crime in progress
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped i…
Cisco Patches High-Severity Vulnerabilities in Enterprise Products
Successful exploitation of the flaws could lead to code execution, server-side request forgery attacks, and denial-of-service conditions. The post Cisco Patches High-Severity Vulne…
EU hits snooze on AI Act rules after industry backlash
Brussels says it's simplification, critics may call it retreat
Smart Glasses for the Authorities
ICE is developing its own version of smart glasses, with facial recognition tied to various databases.
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]
Day Zero Readiness: The Operational Gaps That Break Incident Response
Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer t…
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code E…
NHS code clampdown draws open source backlash
Plus a petition for the UK Civil Service to go FOSS by default
Fake Claude AI website delivers new 'Beagle' Windows malware
A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. [...]
The network password was a key plot point in one of the most famous movies of all time
Fortunately, it was a legit contractor who guessed it
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family c…
Chrome silently installs a 4 GB local LLM on your computer
You did remember to opt out of AI, didn't you?
Home Office seeks three CTOs to keep borders, passports, and core IT ticking
Roles span eGates, passports, visas, asylum applications, and enterprise services – yours for up to £105K
Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico. The post Claude AI Guided Hackers Toward OT Assets…
Minister gives Palantir's NHS platform a clean bill of health
£330M contract defended as value for money despite concerns over IP and lock-in
Neocloud IREN buys OpenStack champion Mirantis
Former bitcoin miner plans to build an easier cloudy AI on ramp while remaining a friend to FOSS
vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution
A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary cod…
Datacenter to become Arm’s biggest business ‘soon’
Someone other than Meta is buying $1bn of its new AGI chips
Supply constraints, optical advances dominate Arista’s Q1
It’s mostly good news for Arista Networks, which reported total first-quarter revenue of $2.71 billion, up 35.1% compared to the year-ago quarter. The vendor raised its forecasted …
Using AI to click around on a website burns 45x as many tokens as just using APIs
For AI agents, seeing is expensive
Hackers abuse Google ads for GoDaddy ManageWP login phishing
A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy's platform for managing fleets of WordPress websites. [...]
VoidStealer Malware Darts Past Google Chrome's Encryption
Authors of the VoidStealer Trojan uncovered yet another way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.
Instructure Breach Exposes Schools' Vendor Dependence
ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into the…
Lumen advances cloud networking vision with $475M Alkira buy
Lumen Technologies has agreed to acquire Alkira, a cloud-native network-as-a-service (NaaS) platform, for $475 million in cash. The deal targets a coverage gap that has defined…
Young evil genius forces hamster to run on wheel to power his gadgets
Okay, the rodent was a willing participant - after all, who turns down treats for a spin that charges a phone?
Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks
Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist…
Claude hitches ride on SpaceX's datacenter capacity
Compute from Colossus leads to relaxed limits
HPE bolsters autonomous network operations for Mist, Aruba Central
HPE is adding autonomous networking capabilities to its Mist and Aruba Central packages to enable those systems to detect, diagnose, and resolve issues in real time without human i…
Musk has never built a wafer fab, but he wants to burn $119B on one anyway
Initial phases of SpaceX's Terafab project in rural Texas are expected to cost about 1.25 Twitters