Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day
Tag: urging
Cybersecurity, Global Security News, Risk Management
Infosecurity Europe: Why Burnout in Cybersecurity Demands Risk-Based Response
Cybermindz warns that cybersecurity burnout is a growing risk, urging organizations to move beyond wellness initiatives and adopt a measurable, risk-based approach to workforce stress
AI, Cybersecurity, Exploits, Global Security News
Microsoft issues YellowKey mitigation, no patch yet
Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the YellowKey vulnerability, Microsoft acknowledged it and published a mitigation. Not a patch, a mitigation. The distinction matters, and we will get to why. The flaw, tracked as CVE-2026-45585 (CVSS…
AI, china, Cybersecurity, Exploits, Global Security News, Government & Policy, malware, Network Security, Russia
CISA wants critical infrastructure to operate ‘weeks to months’ in isolation during conflict
The Cybersecurity and Infrastructure Security Agency is urging critical infrastructure owners and operators to plan for delivering essential services under emergency conditions – potentially for months at a time. The federal government’s top cybersecurity agency warned that state-sponsored hackers, particularly two Chinese groups known as Salt Typhoon and Volt Typhoon, continue to threaten critical sectors…
Global Security News
NCSC Warns of an AI-Fuelled “Vulnerability Patch Wave”
The UK’s National Cyber Security Centre is urging organizations to prepare for glut of new software updates
AI, Global Security News
OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026.
AI, Exploits, Global Security News, Government & Policy, Network Security, Risk Management
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…
AI, Exploits, Global Security News
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala,…
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News, malware, Network Security, Risk Management
CISA urges IT to harden endpoint management systems after cyberattack by pro-Iranian group
The US is urging infosec leaders to harden their endpoint management system configurations after last week’s hack of American medical supplies provider Stryker by pro-Iranian threat actor Handala. The warning from the US Cybersecurity and Infrastructure Security Agency (CISA) is principally for organizations using Microsoft Intune, a cloud-based unified endpoint management (UEM) service that Handala,…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Risk Management
Overly permissive ‘guest’ settings put Salesforce customers at risk
Salesforce is urging its customers to review their Experience Cloud ‘guest’ configurations as cybercrime group ShinyHunters claims a new campaign involving data theft and extortion tied to exposed Salesforce environments. The group recently posted screenshots on its leak site claiming breaches of “several hundreds” of organizations, including around 400 websites and roughly 100 “high profile…
AI, APAC, Apps, Compliance, Global Security News, Government & Policy, privacy, Risk Management
Microsoft seeks a stay on DoD’s effective ban on Anthropic offerings
Microsoft is urging a federal court in California to temporarily pause the US Department of Defense’s (DoD) effective ban on Anthropic’s AI offerings, arguing that the government’s “supply chain risk” label could have significant knock-on effects for its own defense technology business. In a filing backing Anthropic’s request for emergency relief, the company said the…
AI, Cybersecurity, Data Breaches, Endpoint, Europe, Global Security News, Government & Policy, Risk Management
No, it’s not ‘unnecessarily burdensome’ to control your own data
According to a recent report, the State Department sent a cable urging U.S. diplomats to oppose international data sovereignty regulations like GDPR, characterizing these guardrails as “unnecessarily burdensome.” In the cable, the State Department claims that data sovereignty regulations “disrupt global data flows, increase costs and cybersecurity risks, limit Artificial Intelligence (AI) and cloud services, and…
AI, Apps, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Government & Policy, Network Security, Politics, Risk Management
UK Warns of Heightened Iranian Cyber Risk as Middle East Conflict Intensifies
The United Kingdom’s National Cyber Security Centre (NCSC) is urging British organizations to brace for potential Iranian-linked cyber activity as tensions escalate in the Middle East. While officials say there is no confirmed spike in direct attacks against the UK, they caution that the situation could shift rapidly. “There is almost certainly a heightened risk…
Exploits, Global Security News
Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation
AI, Global Security News, Government & Policy, Risk Management
UK sounds alarm on rising cyber risks to businesses
The UK government launched a national campaign urging businesses to strengthen basic cyber defenses. The initiative follows new figures highlighting the scale of the threat. Serious cyber incidents cost businesses an average of £195,000, with about half of small firms experiencing one in the past 12 months, officials say. “No business is out of reach…
AI, Apps, Compliance, Cybersecurity, Data Breaches, Endpoint, Exploits, Global Security News, Mobile, Network Security, News, Risk Management, Threats
Apple Patches Actively Exploited Zero-Day Flaw
Apple is urging users to update immediately after patching a zero-day vulnerability that was exploited in what it described as “extremely sophisticated” attacks against specific individuals. The flaw, which impacts multiple Apple operating systems, allowed attackers to execute arbitrary code on vulnerable devices. “An attacker with memory write capability may be able to execute arbitrary…
AI, Global Security News, privacy
“Encrypt It Already” Campaign Pushes Big Tech to Prioritize E2E Encryption
The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption by default across their services, as privacy concerns mount amid increased AI use.