Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Max severity Cisco Secure Workload flaw gives Site Admin privileges
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. [...]
AWS parades orgs that took up its offer for Euro Sovereign Cloud
Customers want their data kept and processed strictly within the EU
Years after UK Post Office scandal broke, Accenture and OneView Commerce bag contract to replace Horizon
Service tries to move on from troubled decades of Fujitsu relationship with £410 million in deals for system that hurt so many
Police seize “First VPN” service used in ransomware, data theft attacks
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. [...]
Content Delivery Exploit Opens Websites to Brand Hijacking
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.
Gemini accused of 30,000-line code purge and fake recovery report
Developer: AI coding agent broke production and generated fictitious post-mortem paperwork after the rollback
Forward launches Predict to take the guesswork out of network changes
Forward (formerly Forward Networks) has been building out technology for a decade to help enterprises better understand their network traffic. In January, the company launched an a…
Minecraft-streaming gran swatted while raising cash for grandson's cancer care
Sue Jacquot said she had a great time, despite the rude awakening
Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach
Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses
Cisco Patches Critical Vulnerability in Secure Workload
Insufficient validation and authentication in the Secure Workload’s REST APIs provide remote attackers with Site Admin privileges. The post Cisco Patches Critical Vulnerability in …
Vivaldi 8 polishes the chrome without coating it in AI
Unified UI revamp gives browser a cleaner look while rivals keep wedging assistants into the web
ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: a…
Ocean Emerges From Stealth With $28M for Agentic Email Security Platform
The company has developed a platform that uses specialized AI agents to inspect every incoming message. The post Ocean Emerges From Stealth With $28M for Agentic Email Security Pla…
Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw
Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs
Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention
The company blocked over 1.1 billion accounts and $2.2 billion in potentially fraudulent transactions. The post Apple Rejected 2 Million App Store Submissions in 2025 for Security …
Flipper One project needs community help to build open Linux platform
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]
Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking
CVE-2026-9082 can be exploited without authentication for information disclosure, privilege escalation, and remote code execution. The post Drupal Patches Highly Critical Vulnerabi…
Microsoft Warns of Two Actively Exploited Defender Vulnerabilities
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091,…
Apple adds AI smarts to Voice Control, VoiceOver and Magnifier ahead of Accessibility Day
Natural language commands and better image descriptions but Mac users and dictation fans may still be waiting
Socket Raises $60 Million at $1 Billion Valuation
The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion. The post Socket Raises $60 Million at $1 Billion Valuation appe…
When Identity is the Attack Path
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS …
Microsoft storms RAMPART, adds Clarity to agentic AI safety
Redmond open sources two tools for building and maintaining safer agents
Think tank to UK government: You can't build the future on systems from the past
Legacy IT is getting worse, not better, and could trip up Whitehall's shiny digital plans, report warns
Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days
The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition. The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Da…
Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI
More than 200 vulnerabilities patched in recent Chrome releases are marked as ‘reported by Google’. The post Google’s Surge in Chrome Vulnerability Discoveries Likely Driven by AI …
UK.gov hikes health AI tender by 400% – and hundreds of millions – after a chat with suppliers
Maximum framework value sky-rockets from £150M to £600M after 'an extensive intelligence gathering exercise'
UK’s Education Committee: Social media ban a must to save children’s mental health
Committee says tech companies are failing children and cannot be trusted to self-regulate
Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking. The post Supply Chain Security Crisis: To…
Shifting Budget Dynamics for Identity Security and AI Agents
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent ide…