Cyber News & Articles

The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.

Unauthenticated RCE risk

Security Flaw in Redis

As AI copilots and assistants become embedded in daily work, security teams are still focused on protecting the models themselves. But recent incidents suggest the bigger risk lies elsewhere: in the workflows that surround those models.
Two Chrome extensions posing as AI helpers were recently caught stealing ChatGPT and DeepSeek chat data from over 900,000 users. Separately, researchers

It’s 2026, yet many SOCs are still operating the way they did years ago, using tools and processes designed for a very different threat landscape. Given the growth in volumes and complexity of cyber threats, outdated practices no longer fully support analysts’ needs, staggering investigations and incident response.
Below are four limiting habits that may be preventing your SOC from evolving at

Microsoft on Wednesday announced that it has taken a “coordinated legal action” in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses.
The effort, per the tech giant, is part of a broader law enforcement effort in collaboration with law enforcement authorities that has allowed it to confiscate the malicious

Palo Alto Networks has released security updates for a high-severity security flaw impacting GlobalProtect Gateway and Portal, for which it said there exists a proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), has been described as a denial-of-service (DoS) condition impacting GlobalProtect PAN-OS software arising as a result of an improper check for

Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild.
Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege

Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in “extremely sophisticated” attacks.
The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component.
It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.

In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark wonders if a kung-fu kicking robot from Unitree is the hero that we need.

Graham gives an AI a Rorschach test and learns about “Norman” the psychopathic AI, and Mark discovers why we should actually be optimistic about AI.

Plus – don’t miss our featured interview with Marc Beckman, the author of “Some future day: How AI is going to change everything.”