Browsing: Security

The EU Commission is advancing a proposal to prohibit high-risk foreign network providers, specifically targeting Chinese firms like Huawei and ZTE, from critical infrastructure across member states. This initiative aims to bolster cybersecurity and protect against potential espionage and sabotage, making previous recommendations mandatory. The plan also includes expanding the powers of the EU Cybersecurity Agency, ENISA, to combat cyber threats like ransomware.

Cisco has released urgent security updates for a critical remote code execution vulnerability (CVE-2026-20045) affecting its Unified Communications and Webex Calling products. This zero-day flaw has been actively exploited in the wild, allowing attackers to gain root access to affected servers.

Ransomware negotiators operate in a ‘moral gray zone,’ often without clear accountability or industry-wide rules of engagement.

The final Patch Tuesday of 2025 from Microsoft delivered updates for 56 security vulnerabilities across Windows operating systems and associated software. This release includes a zero-day bug actively being exploited and two other publicly disclosed flaws. Microsoft patched a total of 1,129 vulnerabilities in 2025, marking a significant increase from the previous year.

A Jordanian national has pleaded guilty to operating as an access broker, selling unauthorized access to at least 50 company networks. The individual, Feras Khalil Ahmad Albashiti, exploited firewall vulnerabilities and unknowingly sold access and malware to an undercover FBI agent.

A significant security flaw has been discovered in Google’s Fast Pair Bluetooth protocol, affecting hundreds of millions of audio devices. This vulnerability could allow unauthorized individuals to hijack headphones and speakers, enabling eavesdropping, audio injection, and even location tracking.

Check Point researchers have uncovered VoidLink, a sophisticated and modular malware framework targeting Linux cloud servers and containers. Developed in Zig, likely by Chinese actors, VoidLink is designed for stealthy operation, credential harvesting, and adapts its behavior to various cloud environments. It features extensive customization via plug-ins, a web-based C2 dashboard, and employs advanced evasion techniques, including rootkit components, to remain undetected.

IT leaders are developing their operational strategies for 2026, focusing on agility, flexibility, and measurable business outcomes. This article explores the key trends and technologies expected to shape the IT agenda in the coming year.

A new botnet, Kimwolf, has rapidly grown to infect millions of devices globally, posing a significant threat to local network security. This botnet exploits vulnerabilities in residential proxy services and insecure Android TV boxes and digital photo frames, often shipped with Android Debug Bridge enabled, allowing attackers to tunnel into private networks and compromise devices behind firewalls.

California Attorney General Rob Bonta has initiated an investigation into xAI, the company behind the Grok AI model, following widespread reports of its use in generating nonconsensual sexually explicit deepfakes of women and children. The probe will examine whether xAI violated state law by facilitating the creation and dissemination of such content, particularly through Grok’s “spicy mode.” This action coincides with the recent unanimous Senate passage of the DEFIANCE Act, a bill aimed at providing civil recourse for victims of nonconsensual deepfakes.