Timely analysis of the breaches, deals, exploits, and policy shifts reshaping cybersecurity, identity, and AI. Each piece goes past the headline to what it means for the people building and defending software. Updated continuously, newest first.
ShinyHunters weaponized a PeopleSoft zero-day to breach 100+ organizations in two weeks. 455K student records at Nottingham alone. Oracle's advisory came last.
CISA is operating at 40% capacity with 1,000 vacancies. Six threat hunters resigned in one day. The timing couldn't be worse for American cybersecurity.
A critical SQL injection in Ghost CMS turned 700+ sites into malware launchers. Harvard, Oxford, DuckDuckGo compromised. Here's what happened and what to do.
Attackers are forging authentication cookies to bypass Palo Alto GlobalProtect VPN logins. CISA KEV listed, Rapid7 confirms active exploitation since May 17.
DarkSword silently compromises iPhones through website visits alone. 270M devices affected. Apple breaks its own policy with a rare iOS 18 security backport.
FBI classifies breach of its surveillance network as a 'major incident.' Salt Typhoon suspected. Wiretap targets and investigation data potentially exposed.
Google I/O 2026 shipped an entire agent stack: Gemini 3.5 Flash, Antigravity 2.0, WebMCP, Gemini Spark, and Agent Payments Protocol. What it means for builders.
No single organization can defend against AI-powered attacks alone. Project Glasswing's $100M consortium model may be the template for the next decade of
Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed customer API keys and environment
Claude Mythos discovered vulnerabilities that survived 27 years of human review. This technical breakdown covers how it works, what it found, and why your
Three AI framework attacks in one week expose how classic vulnerabilities are hiding in AI's foundational plumbing, putting millions of deployments at risk.
Apple chose Google's Gemini over ChatGPT for Siri's AI upgrade. This $1B/year deal reveals who's actually winning the AI race, and it's not who you think.
3 million patients couldn't access healthcare after PIH Health's ransomware attack. Here's why hospitals are ransomware's favorite target, and what changes.
AT&T's $177M settlement covers 73M customers, but the real story is how breach data from 2019 just resurfaced in 2026 with fully decrypted SSNs. Here's why.
OpenAI just released GPT OSS - their first open-source AI models since 2019. These aren't just free downloads; they're transparent, powerful systems that
At RSAC 2025, the cybersecurity landscape underwent a seismic shift. This analysis reveals how autonomous AI agents, deepfake technologies, and quantum
California has passed revolutionary legislation to regulate artificial intelligence, requiring companies to disclose training data and label AI-generated