CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations. Quest KACE SMA is an on-premises endpoint management platform…
AI, Global Security News, Russia
Signal responds to phishing attacks with new in-app security warnings
Signal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security authorities were among the first to identify phishing campaigns targeting Signal users. The scheme centered on…
AI, Data Breaches, Global Security News
Tuskira’s Kairo exposes hidden AI-driven breach paths
Tuskira has announced the launch of Kairo, a breach modeling capability that detects deep, hidden breach paths by leveraging its security data mesh and digital twin technology. Kairo helps security teams improve breach resilience by modeling how attackers can leverage new AI models to laterally move across an environment, identifying deep hidden kill chains across…
AI, china, Global Security News
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a “multi-wave intrusion” targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244),…
AI, china, Global Security News, Government & Policy
China’s ‘FamousSparrow’ APT Nests in South Caucasus Energy Firm
The cyberthreat group targets an Azerbaijani oil and gas firm with repeated attacks, as the China-linked actors extend targeting beyond hospitality, telecom, and government sectors.
AI, Global Security News
LatAm Vibe Hackers Generate Custom Hacking Tools on the Fly
In the latest evolution of automated cyberattacks, two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil.
AI, Global Security News
OpenAI DeployCo Expands Enterprise AI Services Push
OpenAI is moving further into the part of AI adoption that tends to be slower, more complicated, and a lot less visible than model launches. The company has launched the OpenAI Deployment Company, or DeployCo, a new unit backed by more than $4 billion from a mix of private equity firms and consulting players, including…
Global Security News
Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack. […]
Global Security News, Government & Policy
Apricorn hardens ASK3 encrypted USB drive for extreme conditions
Apricorn has announced enhancements to its Aegis Secure Key 3.0 (ASK3), delivering faster performance and new environmental protection capabilities designed to secure the device and its data in the most demanding physical circumstances. The ASK3 was updated to meet and exceed the latest NIST Cryptographic Module Validation Program (CMVP) for FIPS 140-3 Level 3 validation,…
Global Security News
73 Seconds to Breach, 24 Hours to Patch: The Case for Autonomous Validation
Attackers can compromise systems in minutes while patching and response still take hours or days. Picus Security breaks down why autonomous validation is becoming critical for modern defense strategies. […]
Cybersecurity, Global Security News
Ransomware: Over Half of CISOs Would Consider Paying Ransom to Hackers
Survey of cybersecurity leaders suggests that majority would strongly consider paying cybercriminals, if that’s what it took to help restore encrypted systems
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
Global Security News
Slovakian Admin of Dark Web Kingdom Market Jailed for 16 Years in US
A Slovakian administrator tied to the dark web Kingdom Market received a 16 year US prison sentence for drug trafficking and cybercrime activity.
AI, Global Security News
Microsoft’s new AI system finds 16 Windows flaws, including four critical RCEs
Microsoft has unveiled a new AI-driven vulnerability discovery system that identified 16 previously unknown Windows vulnerabilities, including four critical remote code execution flaws, in what security analysts say could mark a major shift in how software vulnerabilities are discovered and remediated. The system, codenamed MDASH, was developed by Microsoft’s Autonomous Code Security team alongside the…
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, privacy
LW ROUNDTABLE: Microsoft Edge normalizes credential exposure — security pros push back
By design. Two words that have done an awful lot of heavy lifting in the cybersecurity industry over the years. They tend to surface whenever a vendor wants to wave off a serious finding without fixing it. Related: The unending password problem Microsoft just deployed them again. This time in response to a Norwegian researcher…
AI, Apps, Cloud Security, Compliance, Cybersecurity, Global Security News, Network Security, Risk Management
Palo Alto bets on identity security for autonomous AI with Idira launch
Palo Alto Networks has launched Idira, a new identity security platform aimed at securing human users, machine identities, and AI agents amid the rising adoption of autonomous AI systems amongst enterprises. The company is positioning Idira as a next-generation identity security platform that goes beyond traditional privileged access management (PAM) systems by applying dynamic privilege…
AI, Global Security News
Acronis Launches Cyber Frame IaaS Platform for MSPs
The cyber protection company wants to give MSPs and cloud providers a way to run infrastructure on their own terms, without the vendor lock-in hangover. Acronis on Wednesday unveiled Cyber Frame, a new hyperconverged infrastructure (HCI) and infrastructure-as-a-service (IaaS) platform built specifically for service providers tired of being squeezed by legacy virtualization costs and hyperscaler…
AI, Apps, Global Security News
Pine Services Group Acquires Australian ERP Firm Stratus
Evergreen’s Pine Services Group has acquired Australian ERP consulting and implementation partner Stratus Consulting Group, expanding the company’s presence in the Asia-Pacific market as demand for cloud modernization and enterprise application services continues driving consolidation across the IT services sector. Acquisition expands Pine’s global services footprint With Stratus joining the portfolio, Pine now operates across…
Global Security News
Microsoft says some users can’t install Office on Windows 365 devices
Microsoft says some customers are experiencing issues downloading and installing Office on their Windows 365 devices. […]
AI, Global Security News
[Webinar] Why Your AppSec Tools Miss the “Lethal Path” (and How to Fix It)
TL;DR: Stop chasing thousands of “toast” alerts. Join experts from Wiz and Okta/GitLab to learn how hackers connect tiny flaws to build a “Lethal Chain” to your data—and how to break it. Register for the Strategic Briefing Here. Most security tools work like a smoke alarm that goes off every time you burn a piece…
AI, Cybersecurity, Endpoint, Exploits, Global Security News, malware
ClickFix finds a backup plan in PySoxy proxy chains
ClickFix, a one-shot social engineering technique that tricks victims into executing malicious workflows disguised as fixes to technical issues in their systems, has got a persistence upgrade. In a one-off instance, ReliaQuest researchers have spotted an intrusion chain using scheduled tasks, PowerShell-based command-and-control (C2), and a unique abuse of the decade-old open-source proxy tool PySoxy.…
Exploits, Global Security News
Most Remediation Programs Never Confirm the Fix Actually Worked
Security teams have never had better visibility into their environments and never been worse at confirming what they fix stays fixed. Mandiant’s M-Trends 2026 report puts the mean time to exploit at an estimated negative seven days. The Verizon 2025 DBIR puts median time to remediate edge device vulnerabilities at 32 days. These numbers have…
Europe, Global Security News, Government & Policy
KDE gets over €1 million investment to strengthen security and core infrastructure
European governments and public institutions have been shifting away from proprietary software for years, and the financial infrastructure supporting open-source alternatives is growing to match. Germany’s Sovereign Tech Fund announced today that it is investing more than €1 million in KDE, the open-source project behind the Plasma desktop environment and a broad range of Linux…
AI, Cybersecurity, Global Security News
Global Cyber Agencies Issue New SBOMs for AI Guidance to Tackle AI Supply Chain Risks
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
AI, Global Security News, privacy, Risk Management
8 critical questions about the Googlebook, Android, and ChromeOS
Well, hell’s bells: It’s finally happening. After years of misguided rumors and off-base expectations — over a decade’s worth, even! — Google is actually now on the brink of combining Android and ChromeOS into a single superpowered platform for laptops and mobile devices alike. The company officially announced the advent of an entirely new type…
AI, Cybersecurity, Global Security News, Network Security, privacy, Risk Management
CISA’s AI SBOM guidance pushes software supply-chain oversight into new territory
The US Cybersecurity and Infrastructure Security Agency (CISA) and its G7 cyber agency partners have released a list of minimum elements for an AI software bill of materials, a move that could help CISOs assess the security and provenance of AI systems entering enterprise environments. The guidance extends traditional SBOM concepts into AI by calling…
AI, Exploits, Global Security News, Network Security
Microsoft’s agentic security system found four critical Windows RCE flaws
Microsoft responded to growing competition in AI security by announcing that its new agentic security system helped researchers discover 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote code execution (RCE) flaws. MDASH architecture diagram (Source: Microsoft) Two of the four flaws — CVE-2026-40361 and CVE-2026-40364 — were deemed by…
Global Security News
Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws
Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity. As many as 61 vulnerabilities…
AI, Cybersecurity, Data Breaches, Data Security, Global Security News, Government & Policy, Risk Management
Instructure settles with hackers following massive student data theft
Educational tech firm Instructure reached a deal with hackers after a major Canvas breach exposed data stolen from schools and universities. Educational tech firm Instructure says it reached an agreement with the cybercrime group behind a major Canvas data theft, after attackers broke into its systems and threatened to publish stolen information from schools and…
Data Breaches, Global Security News
Why Canadian Telecom Providers Are Prime Targets for Cyberattacks
Canadian telecom providers face mounting cyber threats from ransomware, SIM swapping, data breaches, and nation-state attacks targeting critical infrastructure.
AI, Cybersecurity, Global Security News
UK Cybersecurity Market Expands to £14.7bn with Strong Growth in AI Security Firms
UK cybersecurity sector reaches £14.7bn in revenue, driven by rapid growth in AI security firms, increased investment and rising employment across the industry
AI, APAC, Cloud Security, Compliance, Cybersecurity, Endpoint, Global Security News, privacy, Risk Management
2026 CSO Award winners showcase business-enabling cyber innovation
The annual CSO Awards annually recognize security projects that demonstrate outstanding security leadership and business value. For this year’s program, CSO honors 64 security organizations whose hard work and innovative approaches have had a significant impact on how their enterprises navigate risks in an increasingly challenging cyber environment. These projects showcase the variety of strategies…
Global Security News
Microsoft Fixes 17 Critical Flaws in May Patch Tuesday
Microsoft has patched 120 vulnerabilities in this month’s security update round
AI, Cybersecurity, Global Security News, malware
GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data
Cybersecurity researchers are calling attention to a new campaign dubbed GemStuffer that has targeted the RubyGems repository with more than 150 gems that use the registry as a data exfiltration channel rather than for malware distribution. “The packages do not appear designed for mass developer compromise,” Socket said. “Many have little or no download activity,…
AI, Exploits, Global Security News, malware
Google entdeckt erstmals KI-basierten Zero-Day-Exploit
Willkommen im neuen, KI-geschwängerten Bedrohungszeitalter. Gorodenkoff / Shutterstock Die Google Threat Intelligence Group (GTIG) warnt davor, dass kriminelle Hacker mittlerweile KI einsetzen – sowohl, um Schwachstellen aufzuspüren, als auch um anschließend Malware zu entwickeln, die diese aktiv ausnutzt. Der Anlass: Im Rahmen der eingehenden Analyse einer Angriffskampagne prorussischer Hacker haben die Sicherheitsexperten nach eigenen Angaben…
AI, Compliance, Cybersecurity, Global Security News, malware, Risk Management
New SOC-Ready Reporting for Faster Triage, Escalation, and Incident Response with ANY.RUN
Successful SOC operations require more than accurate detections. Instant access to context, clear conclusions, and operationally relevant insights allow incidents to move across workflows without delays: During alert triage, analysts need a quick threat overview to decide on the next steps. Efficient incident response decisions demand clear, actionable context to rely on. Swift incident reporting requires cross-tier visibility without the need for manual processing of raw technical data. Making ANY.RUN’s Interactive Sandbox a part of your…
AI, Cybersecurity, Global Security News, Risk Management
ESET: AI Adoption Puts MSPs in a Stronger Advisory Role
As AI adoption accelerates across the SMB market, MSPs are being pushed into a more strategic role: helping customers determine not only which AI tools to use but also how to use them safely. In a recent conversation with Channel Insider, ESET executives said AI demand has moved beyond experimentation and into daily business operations,…
AI, Cloud Security, Compliance, Global Security News, Risk Management
Versa CSPM brings continuous visibility to cloud risk and compliance exposure
Versa has announced Versa Cloud Security Posture Management (CSPM), extending the VersaONE Universal SASE Platform to provide continuous visibility, prioritization, and remediation of cloud risk across environments. With CSPM, Versa combines secure access protection and cloud posture risk on a single platform, delivering the visibility security teams need to quantify and reduce enterprise cyber exposure.…
AI, Data Breaches, Global Security News
Who’s the winner in the new Microsoft-OpenAI deal?
It feels like the world’s longest and most public divorce: In late April, Microsoft and OpenAI once again renegotiated the slow-motion breakup that has been playing out between the two over the last several years. At first glance, it looks like a win-win. In the broadest terms, OpenAI gets more freedom to set its own course — it can sell its…
AI, Global Security News, privacy
Android Adds Intrusion Logging for Sophisticated Spyware Forensics
Google on Tuesday unveiled a new opt-in Android feature called Intrusion Logging for storing forensic logs to better analyze sophisticated spyware attacks. Intrusion Logging, available as part of Advanced Protection Mode, enables “persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” the company said. The feature,…
AI, Cybersecurity, Global Security News, Network Security, privacy
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
[This is a Guest Diary by Joshua Nikolson, an ISC Intern and part of the SANS.edu Bachelor’s degree in Applied Cybersecurity (BACS) program.] Introduction One day at work, a friend messaged me, “How do you check a website to see if it’s legit?” This friend recently received a phishing text message from a “bank”,…
AI, Cybersecurity, Exploits, Global Security News
Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator
Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator.…
AI, Apps, Global Security News, Risk Management
NetSPI AI-powered Continuous Pentesting identifies high-impact vulnerabilities
NetSPI launched AI-powered Continuous Pentesting offerings, designed to help organizations continuously identify, validate and reduce risk across dynamic external and cloud environments. Organizations are managing an expanding number of potential entry points as new internet-facing resources, including cloud assets, applications, APIs, and AI-centric assets, are introduced. Each deployment can create new risk, making it harder…
Exploits, Global Security News
Sandyaa: Open-source autonomous security bug hunter
Source code auditing has traditionally relied on static analyzers that flag long lists of potential issues, leaving engineers to sort bugs from noise. A new open-source project from offensive-security firm SecureLayer7 takes a different route, using LLMs to read a codebase, trace how data moves through it, and produce working exploit code for the vulnerabilities…
AI, Global Security News, Risk Management
The hidden risk of non-human identities in AI adoption
An employee with persistent, unsupervised admin access across critical systems, with no audit trail, no clear owner, and no regular access reviews, would raise immediate concern in most organizations. Yet non-human identities and AI agents are often granted that same kind of persistent, broadly privileged access. As AI adoption grows, that gap is becoming harder…
AI, Global Security News, Network Security
Researchers open-source a Wi-Fi cyber range for security training
Wireless security training programs lean heavily on generic network labs, with Wi-Fi appearing as a checkbox alongside Bluetooth, Zigbee, and cellular. Hands-on environments dedicated to IEEE 802.11 are uncommon, even as Wi-Fi remains the default on-ramp to corporate networks and a recurring entry point for attackers. A new paper from researchers at the Norwegian University…
AI, Global Security News
Android pushes new scam, theft, and AI protections in 2026 update wave
Phone scammers spoofing bank caller IDs have driven an estimated $980 million in annual losses worldwide, according to Europol. Android’s 2026 security roadmap takes direct aim at that pattern with a verified call system built in partnership with banks, alongside a wider set of protections covering app behavior, device theft, location data, and on-device AI…
Global Security News
ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930, (Wed, May 13th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI, Compliance, Global Security News
AI is ready to take over Python programming, but not much else
Tests of how well 19 large language models (LLMs) complete and perform complicated multi-step tasks has shown that they are both error-prone and, in many cases, unreliable. The findings are contained a preprint paper, LLMs Corrupt Your Documents When You Delegate, written by Microsoft researchers Philippe Laban, Tobias Schnabel and Jennifer Neville based on a…
AI, Global Security News, Network Security
Proxying the Unproxyable? Sending EXE traffic to a Proxy, (Wed, May 13th)
.. if “unproxyable” is a word that is .. I had a recent engagement where I had to look at the network traffic generated by a Windows executable. Unfortunately, it was all TLS, and all TLS1.3 to boot. So from a PCAP all I got was a whole lot of “yup, that’s encrypted”, and since…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
May Patch Tuesday roundup: Critical holes in Windows Netlogon, DNS, and SAP S/4HANA
Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes. They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin…
AI, Global Security News
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
Our research examines the April 22 Checkmarx KICS and April 24 elementary-data incidents as part of a broader TeamPCP supply chain campaign. Across both cases, the actor abused trusted CI/CD and release workflows to steal credentials at scale.
Global Security News
May’s Patch Tuesday hauls out 132 CVEs
With advisories, this month’s count approaches 300 – though many are already in place Categories: Threat Research, X-ops Tags: Patch Tuesday, MICROSOFT PATCH TUESDAY
Global Security News
US govt seeks Instructure testimony on massive Canvas cyberattack
The U.S. House Committee on Homeland Security is calling on Instructure executives to testify about two cyberattacks by the ShinyHunters extortion group that targeted the company’s Canvas platform, allowing threat actors to steal student data and disrupt schools during final exams. […]
AI, Global Security News
Fedora Hummingbird brings the container security model to a Linux host OS
Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat Summit 2026, Fedora announced Fedora Hummingbird, a container-based rolling Linux distribution delivered as an OCI image. “The Linux…
Global Security News
Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America
AI, Exploits, Global Security News, malware
Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near…
AI, Apps, Exploits, Global Security News, malware, Network Security
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
A rapidly spreading malware campaign has infected hundreds of software packages across major open-source registries, embedding credential-stealing code into development tools downloaded millions of times a week. The attack, referred to as “mini Shai-Hulud,” targeted prominent software libraries, including TanStack, UiPath, and MistralAI. TanStack’s React Router package alone accounts for more than 12 million weekly…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, Network Security, Risk Management
AWS Security Agent full repository code scanning feature now available in preview
Today, we’re excited to announce the preview release of full repository code review, a new capability in AWS Security Agent that performs deep, context-aware security analysis of your entire code base. AI-driven cybersecurity capabilities are advancing rapidly. AWS Security Agent can now find vulnerabilities and build working exploits across your entire code base at a…
AI, Global Security News
Embattled Commissioner Makary to Leave FDA
Plus, Sam Altman testifies in Elon Musk’s OpenAI trial, and “Subway Takes” has what it takes.
AI, Global Security News
Canvas Hackers ShinyHunters Say Their Official Domain Was Suspended
ShinyHunters says its shinyhunte.rs domain was suspended after the Canvas LMS attacks, forcing the group to move fully to its dark web (.onion) site.
AI, Cybersecurity, Europe, Global Security News, Government & Policy, Risk Management
Major world economies spell out key elements of AI ‘ingredients list’
A group of international government agencies released guidance Tuesday on what they believe any artificial intelligence “ingredients list” tool should include to make AI more secure. The concept of such a list, known as a “software bill of materials (SBOM),” is to know everything that goes into a particular piece of software so that any…
Global Security News
It’s Patch Tuesday for Microsoft and Not a Zero-Day In Sight
It’s the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
AI, Apps, Exploits, Global Security News, Risk Management
Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical
Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month’s Patch Tuesday update. Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting…
Global Security News
Inside the lethal trifecta: Blast radius reduction in AI agent deployments
Global Security News
UK fines water supplier $1.3M for exposing data of 664k customers
The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. […]
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security
Hackers accessed BWH Hotels reservation system for months
BWH Hotels says hackers accessed guest reservation data, including names and contacts, for over six months across multiple hotel brands. BWH Hotels disclosed a data breach, with threat actors having had access to guest reservation data for more than six months. The incident exposed names and contact details of an undisclosed number of guests. BWH…
AI, Global Security News, Network Security
Webinar: Fixing the gaps in network incident response
IT teams often struggle to quickly coordinate responses across disparate systems during network incidents. This upcoming webinar explores how automation and AI-assisted workflows can reduce response times and help prevent outages. […]
AI, Global Security News
Signal adds security warnings for social engineering, phishing attacks
Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. […]
Exploits, Global Security News
Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days
Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than others. Patches to prioritize For Satnam Narang, senior staff research engineer at Tenable, the four critical…
Global Security News
Microsoft releases Windows 10 KB5087544 extended security update
Microsoft has released the Windows 10 KB5087544 extended security update to fix the May 2026 Patch Tuesday vulnerabilities and resolve an issue with the new Remote Desktop warnings. […]
AI, APAC, Apps, Exploits, Global Security News
Microsoft May 2026 Patch Tuesday, (Tue, May 12th)
Today’s Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today’s patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues…
Global Security News
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. […]
Global Security News
Windows 11 KB5089549 & KB5087420 cumulative updates released
Microsoft has released Windows 11 KB5089549 and KB5087420 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. […]
Global Security News
Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days
Today is Microsoft’s May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed this month. […]
AI, Global Security News, malware
Fake Claude Code Installer Targets Developers With Browser Credential Stealer
Researchers at Ontinue have discovered an undocumented malware campaign targeting developers with fake Claude Code installers to steal browser passwords and cookies.
AI, Apps, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
The TeamPCP threat group has pulled off another big supply chain attack which within a few hours this week was able to successfully compromise 170 Node Package Manager (npm) and PyPI packages. The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple…
Data Breaches, Global Security News
Škoda warns of customer data breach after online shop hack
Škoda Auto, a wholly owned subsidiary of the Volkswagen Group, has disclosed a data breach after attackers hacked its online shop and stole the personal information of an undisclosed number of customers. […]
Global Security News, privacy
Android 17 to expand banking scam call and privacy protections
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. […]
AI, Global Security News, privacy, Risk Management
Google and Amnesty International teamed up to make it harder for spyware vendors to hide
Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first. The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it…
AI, Endpoint, Exploits, Global Security News, Risk Management
Extending Security to MCP Servers: Closing a Critical Gap
The Model Context Protocol (MCP) is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the time-consuming work of building APIs. Adoption has surged in recent…
AI, Apps, Endpoint, Global Security News, Network Security, privacy, Risk Management
Over 1 Million Baby Monitors and Security Cameras Exposed Through Meari Flaws
More than one million internet-connected baby monitors and security cameras were reportedly exposed through multiple vulnerabilities tied to Meari Technology. The flaws potentially allowed attackers to access sensitive images, device data, and real-time household activity from around the world. “What makes this story especially frustrating is that it highlights one of the hardest problems in…
AI, Global Security News
New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and deliver email. The vulnerability, tracked as CVE-2026-45185, aka Dead.Letter, has been described as a use-after-free
AI, APAC, Exploits, Global Security News
Pwn2Own Berlin 2026 Hits Capacity as Rejected Hackers Release 0-Days
Pwn2Own Berlin 2026 reportedly reached full capacity for the first time, prompting rejected researchers to publicly disclose zero-day exploits targeting Firefox, NVIDIA, and AI platforms.
AI, Global Security News
SAP unveils Autonomous Enterprise for AI-driven business operations
SAP introduced the Autonomous Enterprise to help enhance the world’s most critical business workflows, so that humans and AI work together to meet the accelerating demands of global business profitably, strategically and safely. “For the mission-critical processes of our customers, ‘almost right’ just isn’t good enough,” said Christian Klein, CEO of SAP SE. “By uniting…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management, Venture
What works against Mythos today is what worked against ransomware 5 years ago, and malware 10-15 years ago
Mythos completely changed the game, except, in most ways, it didn’t. It isn’t creating entirely new security problems, it simply makes existing problems much easier to exploit at scale. Yes, AI will increase breaches by making attacks faster and cheaper, but the way companies defend themselves hasn’t fundamentally changed. The organizations best prepared for AI-driven…
AI, Global Security News
OpenAI CEO Sam Altman Takes Stand in Elon Musk Megatrial
The trial centers around Musk’s donations to the AI lab when it was a non-profit and its conversion to a for-profit company.
AI, Apps, Exploits, Global Security News
WWDC: From NeXTStep for Apple to Apple’s next step for AI
As Apple heads toward next month’s Worldwide Developer Conference (WWDC), cast your mind back almost 30 years. That’s when something happened that arguably put events in motion that led to Apple becoming the company it is today. That was when Apple co-founder Steve Jobs returned to the top job at WWDC 1997 — the first such event…
Global Security News
SpaceX, Google in Talks to Explore Data Centers in Orbit
A deal between the two tech titans would give a boost to SpaceX’s business ahead of a historic public listing.
AI, Global Security News
Nvidia Is Buying the Chip Supply Chain
Plus, OpenAI’s employee payouts and tech’s growing unemployment.
AI, Apps, Compliance, Data Breaches, Global Security News, Network Security, Risk Management
Banks Face a Growing AI Risk at the Database Layer
Financial institutions are rapidly deploying AI, but new research suggests many banks may be securing the wrong layer of the stack. Liquibase researchers warn that while organizations focus heavily on AI models and APIs, the database layer may be one of the most exposed parts of modern financial infrastructure. “Governance for agents has to move…
AI, Funding, Global Security News, Venture
Exaforce raises $125 million to respond to AI-powered attacks
Exaforce announced a $125 million Series B financing round, one of the largest ever in the emerging AI SOC space. The round includes participation from HarbourVest, Peak XV, Mayfield, Khosla Ventures, Seligman Ventures and AICONIC. The new capital will help Exaforce scale its AI-native security operations platform, deepen its real-time reasoning capabilities, and expand globally.…
Global Security News
Data Centers in Space: A Pipe Dream, or AI’s Next Big Thing?
A big part of the challenge is producing and launching scores of the devices without breaking the bank.
AI, Exploits, Global Security News
Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)
Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability allows an attacker to log into a cPanel server without a username or password, effectively handing…
AI, Global Security News, malware
ThreatDown ITDR prevents credential-based attacks
ThreatDown, the former corporate business unit of Malwarebytes, launched ThreatDown Identity Threat Detection and Response (ITDR). ITDR is a new product that helps security teams monitor identities to detect suspicious activity, misconfigurations, and active attacks targeting user accounts and privileges. With native integrations for Microsoft Entra ID, Okta, and Active Directory, security teams gain unified…
AI, Apps, Compliance, Cybersecurity, Europe, Global Security News, Network Security
Enabling AI sovereignty on AWS
Cloud and AI are transforming industries and societies at unprecedented speed, from accelerating research and enhancing customer experiences to optimizing business processes and enriching public services. At Amazon Web Services (AWS), we believe that for the cloud and AI to reach their full potential, customers need control over their data and choices for how and…
AI, Global Security News
OpenAI Launches ‘Daybreak’ to Help Build Secure By Design Software
With Daybreak, OpenAI wants its frontier AI models to be used to deploy secure by design software from the ground up
AI, Cybersecurity, Data Breaches, Endpoint, Global Security News, Government & Policy, Risk Management
FIRESIDE CHAT: Cyber insurers deepen SMB security role as supply chain attacks spread
The cyber insurance industry set out to manage financial risk. Along the way, it has quietly became the security operations provider for a significant share of American small businesses. An $11 billion acquisition agreement announced earlier this year suggests it intends to stay in that role. Related: No easy AI security fixes I sat down…
AI, Global Security News
Amazon Quick authorization bypass let users reach blocked AI chat agents
Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those restrictions were enforced only in the user interface for a period earlier this year, and direct calls…
AI, Global Security News, Risk Management
Veeam Intelligent ResOps unifies data context and recovery
Veeam Software announced Veeam Intelligent ResOps, a new solution that unifies data context and recovery operations. As agentic AI accelerates change at machine speed, Intelligent ResOps gives teams the insight they need into their data to quickly understand impact and recover precisely – without broad rollbacks when something happens. When insights are disconnected from recovery,…