Thieves unlock stolen iPhones using cheap tools sold on Telegram
Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure …
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent …
Rocky Linux launches opt-in security repository for urgent fixes
Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists …
Deepfake detection is losing ground to generative models
Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, …
Zombie linkages are keeping expired domains trusted for years
Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has …
The AI oversight paradox: Is the investment worth the cost of watching it?
Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization …
New infosec products of the week: May 15, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM …
Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)
Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is …
Microsoft’s WinUI agent plugin trims token use by over 70% during development
Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX …
Microsoft turns Copilot Studio into an AI agent control center
The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent …
AI cyber capability is speeding past earlier projections
AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI …
CERN’s open source KiCad library gives the world 17,000 circuit board components
CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained …
Featured news
Resources
Don't miss
- Accenture acknowledges security incident following 35GB data theft claim
- Orbia CISO Miranda Ritchie on building security into sustainable infrastructure
- 20 open-source cybersecurity tools to keep your team ready for anything
- macOS is becoming a proving ground for AI agents
- How to implement a continuous offensive security testing program