Information security

Information security
from The Hacker News
25 minutes ago

PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure

A missing authentication flaw in PraisonAI’s legacy Flask API server enables unauthenticated access to protected endpoints, allowing workflow triggering and quota consumption.
#ai-cybersecurity
Information security
from Axios
20 minutes ago

The next phase of AI cybersecurity still needs humans

Powerful AI security models rapidly discover many bugs and can chain low-severity issues into attack paths, increasing vulnerability volume and defender workload.
Information security
from TNW | Openai
1 day ago

OpenAI launches Daybreak to take on Anthropic's Mythos in cyber defence

Daybreak pairs GPT-5.5 variants with security partners to model threats, find vulnerabilities, generate patches, and validate fixes in enterprise codebases under controlled access.
Information security
from TechCrunch
1 day ago

Exaforce raises $125M Series B to build AI for catching and stopping cyberattacks as they happen | TechCrunch

AI-enabled security operations can detect and stop threats in real time while reducing analyst workload by automating investigation and filtering false positives.
Information security
from The Hacker News
25 minutes ago

How AI Hallucinations Are Creating Real Security Risks

AI models can produce confident, incorrect outputs that exploit misplaced trust, creating security vulnerabilities in critical infrastructure and cybersecurity decisions.
Information security
from SecurityWeek
24 minutes ago

Chinese APTs Expand Targets, Update Backdoors in Recent Campaigns

Salt Typhoon expanded targeting and updated tools, exploiting Microsoft Exchange vulnerabilities to deploy web shells and Deed RAT, then moving laterally via RDP and Impacket.
Information security
from Fortune
15 minutes ago

North Korean operatives stole $2 billion last year - and financial firms are the next target | Fortune

North Korea-linked cyber groups stole over $2 billion in digital assets in 2025, using credential theft and laundering to fund military and nuclear programs.
Information security
from SecurityWeek
2 hours ago

Hackers Targeted PraisonAI Vulnerability Hours After Disclosure

PraisonAI versions with authentication disabled by default allowed unauthenticated access to agent metadata and workflow execution endpoints.
Information security
from TNW | Openai
4 hours ago

OpenAI says no user data was touched in the TanStack npm worm

Malicious TanStack npm packages were published via the legitimate release pipeline after a hijacked GitHub Actions runner exfiltrated an OIDC token mid-build.
Information security
from theregister
5 hours ago

To gain root access at this company, all an intruder had to do was ask nicely

IT staff reset an account after a caller failed challenge questions, enabling unauthorized access through social engineering and weak password reset procedures.
Information security
from Securitymagazine
12 hours ago

The Bench You'll Need in Three Years Depends on Decisions You Make Now

AI-native security tools automate entry-level tasks, shrinking the entry talent pipeline and creating a widening skills mismatch that will reduce hiring, provider quality, and bench strength.
Information security
from The Hacker News
5 hours ago

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift is a critical ngx_http_rewrite_module heap buffer overflow enabling remote code execution or denial-of-service via crafted requests.
#linux-kernel
Information security
from theregister
2 hours ago

Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access

Fragnesia (CVE-2026-46300) enables unprivileged users to gain root by corrupting Linux page-cache memory via the XFRM ESP-in-TCP/IPsec path, with public exploit code available.
Information security
from The Hacker News
4 hours ago

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

Fragnesia (CVE-2026-46300) enables unprivileged local attackers to corrupt kernel page cache and gain root via the XFRM ESP-in-TCP subsystem.
Information security
from InfoQ
2 days ago

Copy Fail and Dirty Frag: Linux Page-Cache Exploits Target Every Major Distribution

Two Linux kernel local privilege escalation flaws enable unprivileged users to obtain root by manipulating page cache via AF_ALG and related logic bugs.
from SecurityWeek
1 hour ago

F5 Patches Over 50 Vulnerabilities

The most severe of the resolved issues is CVE-2026-42945 (CVSS v4.0 score of 9.2), a denial-of-service (DoS) condition in NGINX's ngx_http_rewrite_module module. The bug allows an unauthenticated attacker to send crafted HTTP requests that, combined with certain conditions beyond the attacker's control, could trigger a heap buffer overflow and a restart. If Address Space Layout Randomization (ASLR) is disabled, the flaw can be exploited for code execution.
Information security
Information security
from WIRED
2 hours ago

Your iPhone Gets Stolen. Then the Hacking Begins

Cybercrime services sell iPhone unlocking tools and phishing technology, enabling resale of unlocked, wiped devices and driving rapid growth in related phishing domains.
Information security
from SecurityWeek
3 hours ago

High-Severity Vulnerability Patched in VMware Fusion

VMware Fusion released an update to patch CVE-2026-41702, a TOCTOU SETUID flaw that can let local non-admin users escalate privileges to root.
Information security
from SecurityWeek
20 hours ago

Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code

Microsoft and Palo Alto Networks report significant vulnerability discoveries after enabling AI-driven scanning on their own code and product portfolios.
Information security
from Securitymagazine
1 day ago

What Security Leaders Say About the First AI-Developed Zero-Day Exploit

AI-generated zero-day exploitation has become operational, requiring stronger, phishing-resistant authentication and treating privileged access as a separate attack surface.
#ai-security
Information security
from Computerworld
23 hours ago

Microsoft's new AI system finds 16 Windows flaws, including four critical RCEs

MDASH will enter enterprise private preview in June, using AI agents to discover and help remediate Windows vulnerabilities, including critical remote code execution flaws.
Information security
from The Hacker News
22 hours ago

Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

MDASH is a model-agnostic, multi-agent AI pipeline that discovers, validates, and proves exploitable vulnerabilities at scale in complex codebases.
Information security
from SecurityWeek
1 day ago

White Circle Raises $11 Million for AI Control Platform

White Circle raised $11M seed funding to build an AI control layer that monitors inputs/outputs, detects risks, enforces policies, and improves model accuracy over time.
Information security
from SecurityWeek
21 hours ago

Sweet Security Launches Agentic AI Red Teaming to Counter 'Mythos Moment'

Human security cannot match AI-assisted cyberattack speed and volume, requiring security programs that use environment-specific AI agents and continuous red teaming.
Information security
from theregister
16 hours ago

Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs

Missing or faulty security validation in MCP servers enables SQL injection, metadata exfiltration, and potential takeover of internet-exposed database instances.
#cybersecurity
Information security
from Techzine Global
2 days ago

Google: AI likely aided attackers to develop a zero-day

Generative AI is increasingly used to develop exploits, enabling attackers to bypass two-factor authentication and automate offensive workflows.
Information security
from www.bbc.com
2 days ago

Canvas hack: company pays criminals to delete students' stolen data

Instructure paid hackers to prevent publication of stolen Canvas data, returning it with digital confirmation of destruction and preventing extortion of affected customers.
Information security
from Business Matters
2 days ago

Stryker hack shows cyber intelligence is more important than ever

A major medical device company’s devices were wiped after an Iran-linked ransomware attack, showing cyber threats can strike anytime and require urgent security priorities.
Information security
from Securitymagazine
1 day ago

Cybersecurity Is No Longer a Gatekeeper, But the Engine of Delivery Across Digital Economy

Cybersecurity is a top fast-growing skill and must be integrated into product delivery, since both protection gaps and misconfigured controls can cause outages, breaches, and lost trust.
Information security
from 24/7 Wall St.
20 hours ago

AI Threats Are Accelerating and These 3 Cybersecurity Stocks Under $30 Are Built to Win

Cybersecurity demand for AI workloads, identity control, and data pipeline protection is driving growth, while several stocks trade under $30 at compressed valuations.
Information security
from SecurityWeek
1 day ago

Government to Scrutinize Instructure Over Canvas Disruption, Data Breach

Instructure faced repeated Canvas intrusions, exploited Free-For-Teacher issues, and is temporarily shutting accounts while the House Homeland Security Committee demands incident details.
#microsoft-security-updates
from The Hacker News
1 day ago
Information security

Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws

Microsoft released patches for 138 vulnerabilities across its products, including critical Windows DNS and Azure flaws, with no publicly known active attacks reported.
Information security
from Zero Day Initiative
1 day ago

Zero Day Initiative - The May 2026 Security Update Review

Most Microsoft fixes address elevation of privilege, with several code execution paths requiring varying attacker access levels and one kernel issue enabling code execution via crafted NVMe-oF handshake messages.
Information security
from www.bbc.com
1 day ago

More than 70 million warnings sent to people seeking child abuse material

Over two years, 70 million CSAM warning messages were sent, with 700,000 accessing support resources, and most who seek help continued engaging.
Information security
from theregister
20 hours ago

Mystery Microsoft bug leaker keeps the zero-days coming

YellowKey enables attackers with physical access to bypass BitLocker and gain unrestricted shell access, turning stolen laptops into potential breach events.
Information security
from SecurityWeek
1 day ago

Fortinet, Ivanti Patch Critical Vulnerabilities

Fortinet and Ivanti released patches for 18 vulnerabilities, including three critical flaws enabling remote, unauthenticated code execution or file manipulation.
Information security
from theregister
13 hours ago

Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits

AI-based code scanning is rapidly increasing vulnerability discovery, driving more patches and greater administrative workload while raising risks if patches break systems.
#microsoft-patch-tuesday
Information security
from SecurityWeek
1 day ago

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

CVE-2026-40361 is a zero-click Outlook remote code execution flaw requiring patching to protect enterprise inboxes.
Information security
from Techzine Global
1 day ago

Microsoft patches 137 vulnerabilities and deploys AI scanner

Microsoft’s May Patch Tuesday fixes 137 vulnerabilities, including 30 critical, with AI-driven detection and an internal MDASH scanning environment accelerating discovery and patching.
Information security
from ComputerWeekly.com
1 day ago

Microsoft releases rare zero-day free Patch Tuesday update | Computer Weekly

May 2026 Patch Tuesday fixes about 140 CVEs with no zero-days, but nearly 20 critical flaws require rapid patching and Secure Boot certificate rotation by 26 June.
Information security
from SecurityWeek
1 day ago

Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities

Intel and AMD released May 2026 Patch Tuesday advisories covering 70 vulnerabilities, including critical flaws enabling privilege escalation and potential code execution.
#ransomware
Information security
from Techzine Global
1 day ago

Foxconn attackers allegedly obtained Apple and Nvidia data

Foxconn confirmed a North American ransomware attack, with Nitrogen claiming theft of confidential data and Foxconn restarting affected factories.
Information security
from WIRED
1 day ago

Foxconn Ransomware Attack Shows Nothing Is Safe Forever

Nitrogen claims it stole 8 TB of Foxconn data and extorts the electronics manufacturer, which reported cyberattacks and resuming production at affected North American factories.
Information security
from theregister
1 day ago

Foxconn confirms cyberattack after ransomware crew claims it stole confidential Apple, Nvidia files

A ransomware attack hit Foxconn’s North American operations, disrupting some factories but enabling resumption of normal production after response measures.
Information security
from SecurityWeek
1 day ago

ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA

Multiple vendors released May 2026 ICS security advisories addressing critical and high-severity vulnerabilities, including remote code execution, takeover, XSS, and session hijacking.
#malware
Information security
from www.theregister.com
1 day ago

Malware crew TeamPCP open-sources its Shai-Hulud worm on GitHub

Shai-Hulud worm source code was open-sourced, enabling rapid modification and credential-stealing attacks against npm packages and cloud accounts.
Information security
from SecurityWeek
1 day ago

Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware

CRPx0 uses a free OnlyFans lure to deliver stealthy malware that steals cryptocurrency, exfiltrates data, and deploys ransomware via persistence and C2 control.
Information security
from Computerworld
20 hours ago

Cyberattack: First they come for Foxconn, then they come for you

Attackers can still disrupt and compromise highly secured industrial networks, causing widespread operational shutdowns and data theft claims.
Information security
from The Hacker News
1 day ago

GemStuffer Abuses 150+ RubyGems to Exfiltrate Scraped U.K. Council Portal Data

GemStuffer abuses RubyGems to exfiltrate scraped UK council portal content by publishing data-bearing gems using hardcoded API keys.
from SecurityWeek
19 hours ago

Foxconn Confirms North American Factories Hit by Cyberattack

“The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production,” Foxconn told SecurityWeek.
Information security
from The Hacker News
22 hours ago

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting.
Information security
Information security
from Independent
1 day ago

More than 200 fake websites targeted Irish residents with scams last year

Financial scams targeting Irish residents increased 52% in one year, often impersonating Revenue, An Post, and Irish banks to steal money.
from Independent
1 day ago

More than 200 fake websites targeted Irish residents with scams last year

More than 200 websites were found to be targeting Irish residents with scams last year, including fake online shops and fraudulent loan websites claiming to be regulated by the Central Bank of Ireland.
Information security
Information security
from InfoQ
2 days ago

GitHub Expands Secret Scanning with General Availability of MCP Server Integration

GitHub added general availability of secret scanning via its MCP Server to let AI agents and automation detect and remediate exposed credentials in structured workflows.
Information security
from Search Storage
2 days ago

Attackers targeting storage infrastructure for remote work | TechTarget

Threat actors increasingly target storage infrastructure to access valuable data, disable backups, steal credentials, and spread ransomware impact efficiently.
#supply-chain-attacks
Information security
from The Hacker News
2 days ago

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP modified npm and PyPI packages to run obfuscated environment profiling and credential stealing, exfiltrating data via external domains and GitHub token abuse.
from InfoWorld
1 day ago
Information security

Mistral AI SDK, TanStack Router hit in npm software supply chain attack

Automated Mini Shai-Hulud worm attacks rapidly spread through package ecosystems on May 11 by hijacking release pipelines via pull_request_target and maintainer misconfigurations.
Information security
from Medium
1 day ago

AI's Double-Edged Sword: Innovation, Risk, and the Expanding Attack Surface

AI capability is expanding cybersecurity risks by turning intelligence and autonomy into attack vectors for fraud, misinformation, and physical threats.
#soc-operations
Information security
from SecurityWeek
2 days ago

Is The SOC Obsolete, And We Just Haven't Admitted It Yet?

SOC operations are increasingly mismatched to machine-speed threats, and current AI SOC promises rarely replace human investigation and contextual decision-making.
Information security
from The Hacker News
2 days ago

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

High-risk SOC alerts go unanswered due to structural coverage ceilings, lack of specialized expertise, and automation limits that deprioritize unfamiliar or novel alert categories.
Information security
from SecurityWeek
1 day ago

Microsoft Patches 137 Vulnerabilities

Microsoft patched 137 vulnerabilities, including critical privilege escalation and remote code execution flaws, with none reported exploited in the wild.
Information security
from DevOps.com
1 day ago

OpenAI's Daybreak Challenges Anthropic in AI Cybersecurity Race

Daybreak embeds AI-driven vulnerability identification, fix validation, and faster patching into enterprise software development workflows using Codex Security and vendor integrations.
Information security
from TechRepublic
1 day ago

Google Says Hackers Used AI to Build Zero-Day Exploit

A zero-day exploit with AI assistance targeted 2FA in an open-source web administration tool, but was disrupted before large-scale use.
Information security
from theregister
2 days ago

Cache-poisoning caper turns TanStack npm packages toxic

Eighty-four malicious TanStack npm package versions stole credentials, self-propagated, and wiped disks after poisoning GitHub Actions caches and extracting npm OIDC tokens.
Information security
from SecurityWeek
2 days ago

Claude Mythos Finds Only One Curl Vulnerability; Experts Divided on What It Really Means

Claude Mythos testing of curl found only one low-severity vulnerability, challenging claims of thousands of zero-days and suggesting curl’s security may be strong.
Information security
from TNW | Data-Security
1 day ago

Google identifies first AI-developed zero-day exploit and thwarts planned mass exploitation event

Google identified an AI-assisted zero-day exploit, disrupted a planned mass exploitation event, and documented state-sponsored AI use in vulnerability research and malware development.
Information security
from SecurityWeek
2 days ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

A coordinated Mini Shai-Hulud supply chain attack compromised 170+ packages, stealing tokens and credentials and spreading via CI publishing of malicious package versions.
Information security
from www.cbc.ca
1 day ago

Instructure strikes deal with hackers after massive Canvas cyber breach hits universities | CBC News

Instructure reached an agreement with the hacking group, received verification of data destruction, and assured customers would not face extortion or further targeting.
Information security
from theregister
1 day ago

Frontier AI safety tests may be creating the very risks they're meant to stop

Third-party AI evaluations require outsider access, but inconsistent standards and weak controls create new risks of theft, tampering, espionage, and abuse.
Information security
from Nextgov.com
1 day ago

The Pentagon's cyber rules leave MSPs as an attack vector

CMMC aims to secure defense supply chains, but MSP privileged access can become an exploitable attack vector if MSPs aren’t held to equivalent standards.
Information security
from The Hacker News
1 day ago

New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots

TrickMo C uses TON-based command-and-control and updated network features to target banking and crypto users while turning infected devices into traffic-exit nodes.
Information security
from TechRepublic
1 day ago

Over 1 Million Baby Monitors, Security Cameras Exposed Through Meari Flaws

Vulnerabilities in Meari Technology exposed private baby monitor and camera data across over one million devices, including images, motion alerts, and real-time activity.
Information security
from SecurityWeek
2 days ago

SAP Patches Critical S/4HANA, Commerce Vulnerabilities

SAP released 15 security notes for May 2026 Patch Day, including critical SQL and code injection flaws in S/4HANA and SAP Commerce.
Information security
from 24/7 Wall St.
2 days ago

5 Cybersecurity Stocks That May Be Acquired in 2026's M&A Wave

Cybersecurity M&A in 2026 is accelerating as platform consolidation, AI disruption, and hyperscaler demand drive acquisitions of sub-scale vendors.
Information security
from theregister
1 day ago

Congress investigates Canvas breach as company pays ransom

US Congress summoned Instructure CEO Steve Daly to explain two Canvas breaches, including data accessed, containment, notifications, and coordination with federal law enforcement and CISA.
Information security
from Techzine Global
1 day ago

Cisco open-sources Foundry Security Spec for CISO-ready agents

Foundry Security Spec standardizes LLM-based security evaluations with orchestration, validation, coverage tracking, and auditable outputs.
Information security
from Engadget
1 day ago

Google announces upcoming security tools for Android, including enhanced protection against banking scam calls - Engadget

Android adds protections against banking scam calls, expands live threat detection for abusive apps, and introduces device-theft security settings.
Information security
from SecurityWeek
1 day ago

Adobe Patches 52 Vulnerabilities in 10 Products

Adobe released patches for 52 vulnerabilities across 10 products, including critical flaws enabling arbitrary code execution and privilege escalation.
Information security
from The Hacker News
1 day ago

New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution

Exim security updates fix CVE-2026-45185, a GnuTLS-related BDAT use-after-free that can cause heap corruption and potential code execution.
Information security
from Techzine Global
2 days ago

Linux kernel kill switch proposal sparks fierce debate

Privileged administrators could disable vulnerable kernel functions temporarily until patches arrive, reducing exposure during zero-day gaps but raising concerns about delaying patching and adding operational risk.
from Techzine Global
1 day ago

Veeam launches DataAI Command Platform for the agentic era

“The infrastructure to deploy AI exists. The infrastructure to trust it doesn't. With the DataAI Command Platform, Veeam is building the missing layer combining resilience, security, governance, compliance and privacy, in one platform.”
Information security
Information security
from theregister
1 day ago

FCC walks back router update ban before it bricked America's network security

The FCC extended update waivers for certain foreign-made routers to prevent millions of devices from becoming unpatched through at least January 1, 2029.