Feds freaked over Fable 5 after simple 'fix this code' prompt, not jailbreak, says researcher
According to the one person who actually read the research paper
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
AI has changed data architecture, but storage hasn't caught up
SPONSORED FEATURE: AI's hunger for data outstrips storage smarts, leaving GPUs famished
DARPA seeks swappable satellites to help with future star wars
Worried that an unexpected strike could take out critical orbital systems, Pentagon researchers want to know how fast the industry thinks it could launch replacements
SimpleHelp bug lets hackers create rogue remote support accounts
A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) au…
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense ema…
Anthropic reserves right to check ID for Claude subs
How can I help you today? Present your papers to begin
North Korean Hackers Are Turning Developer Tools Into Malware Delivery Channels
Cybersecurity researchers have flagged two malicious cyber campaigns that exhibit similarities with a persistent North Korean threat cluster known as Contagious Interview (aka Famo…
HTTP/2 Bomb Attacks Put Telcos, Healthcare Orgs at Risk
The denial-of-service (DoS) exploit takes advantage of two features in HTTP/2 that were designed to save Internet bandwith, not power massive amplification attacks.
Copilot 'SearchLeak' Attack Allows 1-Click Data Theft
The critical, three-stage attack is now patched, but it's part of a new group of AI prompt-injection issues that use hidden URLs and other variables.
HPE offers VMware refugees a year off the meter
Free VM Essentials license and cut-price Zerto dangled at customers eyeing a platform escape
NB579: Datadog Unleashes Autonomous Agents; SpaceX Launches IPO
Take a Network Break! Our Red Alert covers critical vulnerabilities in Ivanti Sentry, including OS command injection and authentication bypass, for which patches are now available.…
Council of Europe hacked in ShinyHunters' PeopleSoft heist
Joins the ranks of Nottingham Uni and 100 other unnamed victims
OptinMonster WordPress plugin hacked in CDN supply-chain attack
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive-s content distribution network (CDN). [...]
Java's Project Valhalla finally lands a preview in JDK 28
Don't hold your breath, though – architect Brian Goetz warns devs it will likely still be preview in next LTS release
Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileg…
China-Nexus Actor Spies on US Researchers Undetected for a Year
Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to breach numerous institutions and exfiltrate sensitive data.
Feds snooze as US datacenter law set to lapse with no replacement in site
Federal Data Center Enhancement Act (FDCEA) of 2023 covers standards including security and sustainability
Most CISOs Report Pressure to Bury Bad Security News
Executive leaders may not be saying it aloud, but business objectives and priorities don't always promote timely disclosures.
LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed …
Council of Europe investigates ShinyHunters data breach claims
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]
The Y2K bug is back! Dutch dev digs up untimely flaw in old BSD build
26 years late and no threat unless you still run a PDP-11/70 and rely on short-wave timekeeping broadcasts
NASA management wants a word and won't say why
A mystery calendar event is certainly one way to find out about being selected for the Artemis III crew
IBM sends signals with its $10 billion quantum pledge
“The quantum era is no longer ahead of us, it has started,” said IBM CEO Arvind Krishna in statement tied to news that the company is committing $10 billion to advancing quantum co…
Red Hat gives Ubuntu a bootc up the backside at Canonical shindig
Bootable containers pitch shows how distro can be managed with familiar OCI tooling
Microsoft site throwing warnings after someone forgot to renew cert
Connectivity checker trips browser alarms thanks to lapsed security paperwork
FBI: Fraudsters use couriers to steal money in crypto scams
The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butcheri…
Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Producer
Mackay Sugar was targeted in a cyberattack carried out by a threat group known as The Gentlemen. The post Ransomware Attack Shuts Down Mills of Australia’s Second-Largest Sugar Pro…
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers …
The Beginning of the End of Social Engineering
AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.
Europe's AI paralysis has a solution - and it starts with a semantic twin
PARTNER CONTENT: Onix's Wingspan platform promises to move enterprises from pilot purgatory to governed, enterprise-wide AI deployment in weeks, not years