Browsing: Security

A shocking revelation emerged during the sentencing of a dark web drug market administrator: an FBI confidential human source reportedly helped run the Incognito market for nearly two years, a platform that facilitated the sale of fentanyl-laced pills, some linked to a confirmed death. This involvement raises questions about law enforcement’s role in mitigating harm on such platforms.

Anthropic has launched a new embedded security scanning feature for its Claude AI, designed to identify vulnerabilities in software codebases and propose solutions. This tool, named Claude Code Security, is currently in a limited testing phase for select enterprise and team clients.

The UK government has announced a new law requiring tech companies to remove nonconsensual intimate images within 48 hours of a single report, or face substantial fines and potential service blocking. This initiative aims to protect victims by ensuring rapid removal across platforms, utilizing digital marking and proactive blocking technologies, following recent controversies involving AI chatbots.

Microsoft has released security updates for 59 flaws across its software, with six of these vulnerabilities already being actively exploited. The patches cover critical issues like privilege escalation and remote code execution. Additionally, Microsoft is rolling out updated Secure Boot certificates and introducing new security initiatives, Windows Baseline Security Mode and User Transparency and Consent, to enhance system protection.

Julie Chatman’s journey into cybersecurity was unexpected, beginning in medical diagnostics before she transitioned to a cybersecurity and risk leadership role at the FBI. Her unique career path has provided her with a clear perspective on the evolving challenges CISOs face today and how security leaders can effectively navigate them.

Most signs suggest the group is running a massive hoax by claiming hundreds of initial victims, but at least some of the threat 0APT poses is grounded in truth backed by proven capabilities.

NATO’s deputy secretary general, Radmila Shekerinska, stated that the alliance must be prepared to retaliate against Russia and China for cyber and hybrid attacks, making such actions more costly. She highlighted the complex security landscape where adversaries target critical infrastructure and government services, emphasizing the need for increased investment in cyber defense and coordinated responses.

Modern cloud infrastructure, characterized by rapid deployments and ephemeral workloads, faces a critical challenge: identity governance has not evolved at the same pace. Thousands of machine identities, often overlooked, persist beyond control, creating significant security vulnerabilities. This article explores the paradox of securing dynamic environments with static approaches and outlines strategic shifts needed for effective identity management.

Microsoft’s February 2026 Patch Tuesday release includes over 50 security updates, notably addressing six actively exploited “zero-day” vulnerabilities across Windows components like Shell, MSHTML, and Remote Desktop Services. The update also fixes critical remote code execution flaws in AI development tools such as GitHub Copilot and Visual Studio, stemming from prompt injection vulnerabilities.

A severe vulnerability has been identified in the WPvivid Backup & Migration WordPress plugin, which is active on over 900,000 websites. This flaw allows attackers to achieve remote code execution by uploading unauthorized files without needing authentication.