Is 2026 the Year AI Bills of Materials Get Real?
Understanding AI BOMs and where they fit into risk management for artificial intelligence.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Microsoft Exchange Zero-Day Under Attack, No Patch Available
CVE-2026-42897 stems from a cross-site scripting (XSS) vulnerability and can allow an attacker to compromise Outlook Web Access (OWA) mailboxes.
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. [...]
MAGA's Mace wants to make power bills great again, calls for datacenter moratorium
Even self-described ‘Trump in high heels’ candidate warns bit barns could send power bills soaring
'Claw Chain' Vulnerabilities Threaten OpenClaw Deployments
The now-patched vulnerabilities in the rapidly growing AI agent framework allow attackers to steal credentials, escalate privileges, and maintain persistence.
Uncle Sam's next big supercomputer might use something more exotic than GPUs
Chip startup NextSilicon's high-performance-computing-focused accelerators get Sandia National Lab's stamp of approval
CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly…
Shai-Hulud Worm Clones Spread After Code Release
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Many employees already use shadow AI tools at work without security review. Adaptive Security breaks down how teams can build practical AI governance without adding friction for em…
Yes, you can serve a website from a $1 microcontroller
Well, page is more accurate, but the source code is available if you want to try doing something even crazier
NB575: AI Multipath Protocol Goes to Open Compute Project; Cisco Shrinks Workforce as Income Swells
Take a Network Break! In this week’s Red Alert we suggest an audit of your Azure environment after Microsoft says it patched four critical vulnerabilities. On the news front, Nvidi…
Leaked Shai-Hulud malware fuels new npm infostealer campaign
The Shai-Hulud malware leaked last week is now used in new attacks on the Node Package Manager (npm) index, as infected packages emerged over the weekend. [...]
INTERPOL Operation Ramz Disrupts MENA Cybercrime Networks with 201 Arrests
INTERPOL has coordinated a first-of-its-kind cybercrime crackdown across the Middle East and North Africa (MENA) that led to 201 arrests and the identification of an additional 382…
Linux kernel flaw opens root-only files to unprivileged users
Plus ModuleJail, a radical proposal for minimizing the impact of similar bugs
Fuel Tank Breaches Expand Scope of Iran's Cyber Offensive
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.
Europe tests laser links as satellite comms outgrow radio
Greek mountaintop ground station aims infrared beams at CubeSats in ESA-backed optical networking trial
Dutch cops’ shame game works wonders as most wanted scammers now turned in
Game Over?! gamified the identification of scammers who sought thrills from terrorising the elderly
'Big AI' is subverting regulations just like tobacco and oil firms
Researchers warn that regulatory capture means industry concerns trump those of citizens
TanStack weighs invitation-only pull requests after supply chain attack
Shai-Hulud worm exploited GitHub Actions misconfiguration to poison shared cache, now project weighing nuclear option on unsolicited contributions
NetOps teams look to AI to automate Day 2 operations
Network engineers tell me that their teams are chronically understaffed. This is partially a labor market issue, given that 52% of IT organizations recently told Enterprise Managem…
⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More
Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer…
Grafana says stolen GitHub token let hackers steal codebase
Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]
Microsoft remembers that taskbars used to move
Experimental Windows 11 build restores some old favorites, though the rough edges are still showing
NGINX Rift attackers waste no time targeting exposed servers
Researchers say 18-year-old flaw already being probed and exploited just days after disclosure
The Boring Stuff Is Dangerous Now
AI agents capable of discovering and exploiting obscure vulnerabilities are emerging alongside developers producing vast amounts of potentially flawed AI-generated code, forcing de…
How to Reduce Phishing Exposure Before It Turns into Business Disruption
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggl…
Millions Impacted Across Several US Healthcare Data Breaches
Several healthcare data breaches impacting hundreds of thousands and even millions were added to the HHS tracker. The post Millions Impacted Across Several US Healthcare Data Breac…
Poland directs officials to ditch Signal in favor of 'secure' state-developed alternative
Shift comes amid mounting reports of successful social engineering attacks targeting higher-ups in government
‘Claw Chain’ OpenClaw Flaws Allow Sandbox Escape, Backdoor Delivery
Four vulnerabilities in OpenClaw can be chained together to steal credentials, escape the sandbox, and plant persistent backdoors. The post ‘Claw Chain’ OpenClaw Flaws Allow Sandbo…
Boulevard of Broken Dreams: 2 Decades of Cyber Fails
From the MGM and Caesars fiasco and MOVEit's patch nightmare to epic business blunders and the jaded reality of living in a post-breach world, Dark Reading looks back at the mistak…