Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Firefox 151 helps you edit PDFs – and switch OSes
Export a profile on Windows, restore it on Linux. Extensions and themes too
America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames
I wonder what's in 'external-secret-repo-creds.yaml' and 'AWS-Workspace-Firefox-Passwords.csv'?
Startup Bolt Graphics promises 5x performance over Nvidia’s best GPU
It takes a brave company to go up against Nvidia in any market, let alone graphics performance. Intel tried and failed repeatedly, and AMD is barely hanging on. But Bolt Graphics t…
Shadow AI invades the workplace, up 4x in the last year
Employers increasingly blind to unauthorized AI use and where their staff are sending proprietary files
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Cybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users. The activity, per HUMAN's Satori Thre…
Microsoft plans to improve Windows 11 driver quality in 2026
Microsoft plans to raise the quality bar of Windows 11 drivers, as drivers "sit at the heart of every Windows experience" and connect the OS to the "silicon, components, and periph…
Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation
Drupal says attackers may develop an exploit for the vulnerability within hours or days.
Airbus gets HPC-as-a-service supercomputer from Bull
Aerospace giant rents new system over 5 years to help develop new aircraft
Microsoft blames macOS update for undismissible Teams location prompts
Microsoft has confirmed user reports that the Teams team collaboration app is displaying non-dismissible location prompts on some macOS systems. [...]
Microsoft Disrupts Malware-Signing Service Run by ‘Fox Tempest’
Fox Tempest provides a service that cybercriminals use to distribute ransomware and other malware disguised as legitimate software.
PP110: News Roundup–Linux Fragged, Edge’s Password Manager Dragged, Android Intrusions Tagged, and More
JJ and Drew unpack an overstuffed suitcase of infosec stories in today’s News Roundup. Microsoft’s Edge password manager stores credentials in plaintext and Microsoft says “Yup”, t…
Clear your calendar, Drupal user: You have a critically urgent patch to install
The org’s staying mum on the details, but Wednesday’s fixes reach back to unsupported 8.9 branches
SAP customers warned AI agents could put costs on autopilot
Billing will be based on 'actions,' whatever those are, leaving enterprises to wonder how fast the meter might run
HS132: Heart of Glasswing
How can enterprise IT folks prepare for the age of Mythos? Anthropic says its Claude Mythos model is so much better at finding software vulnerabilities that it has delayed public r…
HW079: Driving AI Efficacy in Wi-Fi (Sponsored)
Every wireless vendor has an AI story. What actually matters now? Efficacy. Recorded live at Mobility Field Day, Keith sits down with HPE’s Bob Friday right off the show floor to d…
Microsoft refreshes Surface for Business lineup, starts AI PC upsell at $1,499
Latest hardware adds Intel’s newest AI-focused processors as Redmond continues pushing enterprises toward Copilot+ PCs
DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability
Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed Dir…
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. [...]
7-Eleven confirms data breach claimed by the ShinyHunters gang
Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month. [...]
X limits hot takes from freeloaders to 50 a day
How will they manage? It's not like anyone can see their posts anyway
Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation
Microsoft's total vulnerability count stayed steady in 2025, but critical flaws surged year over year. BeyondTrust breaks down why attackers are increasingly focused on privilege e…
Looking Back, Looking Forward: Digesting a Dynamic Bouillabaisse of Cyber Evolution
Dark Reading editors reflect on two decades of dramatic change — from perimeter defense to assume-breach strategies — and warn that while AI, cloud, and COVID-19 have transformed t…
AI, cybersecurity skills top IT pay premiums
AI engineering, cybersecurity, governance, data architecture, and distributed systems skills are now commanding the highest cash pay premiums in IT, according to new research from …
Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks
Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, …
Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise
Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings
Unpatched ChromaDB Vulnerability Can Lead to Server Takeover
The security defect can be exploited remotely, without authentication, to execute arbitrary code and leak sensitive information.
Webinar: The hidden bottlenecks in network incident response
IT teams are increasingly overwhelmed by alerts from disconnected systems, forcing responders to manually coordinate investigations during network incidents. This webinar explores …
Broadcom finds a VMware customer willing to stick around: London Stock Exchange
LSEG signs up for five more years of Cloud Foundation, but keeps quiet on how much it'll cost
Google opens TPUs to enterprises beyond its own cloud via Blackstone JV
Google Cloud and Blackstone have unveiled a new joint venture aimed at building a large-scale standalone cloud platform powered by Google’s Tensor Processing Units (TPUs), marking …