Latest posts

The United Kingdom has withdrawn its demand that Apple create a backdoor to its encrypted cloud systems following months of diplomatic pressure from the United States, according to a statement from Director of National Intelligence Tulsi Gabbard. Gabbard announced the decision Monday on X, stating that the U.S. government had worked closely with British partners…

Read more

LAS VEGAS — One of the big worries during the generative AI boom is where exactly data is traveling when users enter queries or commands into the system. According to new research, those worries may also extend to one of the world’s most popular consumer technology companies.  Apple’s artificial intelligence ecosystem, known as Apple Intelligence,…

Read more

LAS VEGAS — Federal cyber authorities issued an alert Wednesday evening about a high-severity vulnerability affecting on-premises Microsoft Exchange servers shortly after a researcher presented findings of the defect at Black Hat.  Microsoft also issued an advisory about the vulnerability — CVE-2025-53786 — and said it’s not aware of exploitation in the wild.  While the…

Read more

Identity has become the new cybersecurity perimeter. As federal agencies rapidly adopt cloud services, AI-powered tools and hybrid work models, identity security is now central to mission assurance. However, for many federal leaders, identity management remains a complex puzzle. The abundance of tools — from password managers to identity governance systems — often leads to…

Read more

Social engineering — an expanding variety of methods that attackers use to trick professionals to gain access to their organizations’ core data and systems — is now the top intrusion point globally, attracting an array of financially motivated and nation-state backed threat groups.  More than one-third (36%) of the incident response cases Palo Alto Networks’…

Read more

Google this week changed how it publicly discloses vulnerabilities in a bid to give defenders early details about new software defects it discovers, shortening the early window of time between a vendor releasing a patch and customers installing the security update. Project Zero, Google’s squad of security researchers who find and study zero-day vulnerabilities, will…

Read more

Palo Alto Networks has agreed to acquire identity security firm CyberArk for approximately $25 billion, marking the cybersecurity giant’s largest acquisition and its formal entry into the identity security market as the industry continues consolidating amid rising cyber threats. The transaction ranks among the largest technology acquisitions this year and underscores the market’s focus on…

Read more

News of two major Microsoft security events in as many weeks should concern every federal agency, not just because of the breaches themselves, but because of what they reveal about how the company does business. First, ProPublica uncovered that Microsoft allowed Chinese engineers to work on sensitive U.S. military cloud projects under the supervision of…

Read more

A financially motivated threat group is attacking organizations using fully patched, end-of-life SonicWall Secure Mobile Access 100 series appliances, Google Threat Intelligence Group said in a report released Wednesday. The group, which Google identifies as UNC6148, is using previously stolen admin credentials to gain access to SonicWall SMA 100 series appliances, remote access VPN devices…

Read more

A 21-year-old former Army soldier pleaded guilty Tuesday to charges stemming from a series of attacks and extortion attempts last year on telecommunications companies, including AT&T.  Cameron John Wagenius, who identified himself as “kiberphant0m” and “cyb3rph4nt0m” on online criminal forums, conducted extensive malicious activity for years, including while he was on active duty, the Justice…

Read more