News
All topics →Timely analysis of the breaches, deals, exploits, and policy shifts reshaping cybersecurity, identity, and AI. Each piece goes past the headline to what it means for the people building and defending software. Updated continuously, newest first.
38 stories, newest first.
Latest
CISA is operating at 40% capacity with 1,000 vacancies. Six threat hunters resigned in one day. The timing couldn't be worse for American cybersecurity.
Read the article
A critical SQL injection in Ghost CMS turned 700+ sites into malware launchers. Harvard, Oxford, DuckDuckGo compromised. Here's what happened and what to do.
Attackers are forging authentication cookies to bypass Palo Alto GlobalProtect VPN logins. CISA KEV listed, Rapid7 confirms active exploitation since May 17.
A poisoned LiteLLM package led to 4TB stolen from Mercor, the AI training startup serving Meta, OpenAI, and Anthropic. Class action lawsuits filed.
DarkSword silently compromises iPhones through website visits alone. 270M devices affected. Apple breaks its own policy with a rare iOS 18 security backport.
FBI classifies breach of its surveillance network as a 'major incident.' Salt Typhoon suspected. Wiretap targets and investigation data potentially exposed.
Google I/O 2026 shipped an entire agent stack: Gemini 3.5 Flash, Antigravity 2.0, WebMCP, Gemini Spark, and Agent Payments Protocol. What it means for builders.
No single organization can defend against AI-powered attacks alone. Project Glasswing's $100M consortium model may be the template for the next decade of
Vercel breached after attacker compromised Context.ai, hijacked an employee's Google Workspace via OAuth, and accessed customer API keys and environment
Claude Mythos discovered vulnerabilities that survived 27 years of human review. This technical breakdown covers how it works, what it found, and why your
Three AI framework attacks in one week expose how classic vulnerabilities are hiding in AI's foundational plumbing, putting millions of deployments at risk.
An employee saw the CFO on video. Heard colleagues speaking. Authorized $25M in transfers. Every person was an AI-generated deepfake.
Attackers are harvesting your encrypted data today to decrypt with quantum computers tomorrow.
Ransomware groups now steal trade secrets before encryption. Nike's 1.4TB theft included shoe designs, patents, supplier lists, IP worth billions.
Google's $32B pursuit of Wiz shows security market consolidating. When hyperscalers own security vendors, customers lose pricing leverage and choice.
17.5 million Instagram accounts leaked through API scraping. Meta denies breach, but your data is on the dark web. Here's what actually happened.
Apple chose Google's Gemini over ChatGPT for Siri's AI upgrade. This $1B/year deal reveals who's actually winning the AI race, and it's not who you think.
OpenAI just announced ads are coming to ChatGPT. For 800M weekly users, this changes everything about how 'free' AI actually works.
3 million patients couldn't access healthcare after PIH Health's ransomware attack. Here's why hospitals are ransomware's favorite target, and what changes.
AT&T's $177M settlement covers 73M customers, but the real story is how breach data from 2019 just resurfaced in 2026 with fully decrypted SSNs. Here's why.
TikTok's new U.S. ownership brought privacy changes that sparked mass deletions. Here's what actually changed and what it means for your data.
Twilio acquiring Stytch signals a major shift in developer CIAM. I've analyzed 20+ platforms, from Descope to Keyclock, to show you which deliver on
OpenAI just released GPT OSS - their first open-source AI models since 2019. These aren't just free downloads; they're transparent, powerful systems that
This deal represents the maturation of the identity market. The days of pure-play identity vendors competing primarily on features are ending.
Security researchers discovered 16 billion stolen passwords from Apple, Google, Facebook and more.
The identity industry faces its biggest shift yet: machines now outnumber humans 90:1 in digital systems.
How did a $400 million data breach happen at Coinbase? It wasn't a tech failure, it was a human one.
At RSAC 2025, the cybersecurity landscape underwent a seismic shift. This analysis reveals how autonomous AI agents, deepfake technologies, and quantum
Google acquires cloud security leader Wiz for $32B, the largest cybersecurity deal ever.
Dive into Mozilla's controversial 2025 privacy changes, including removed 'no data sale' guarantees and Git repository security upgrades.
The Department of Government Efficiency (DOGE) website was left vulnerable to unauthorized edits.
As geopolitical tensions reshape AI adoption, enterprises struggle to balance OpenAI's compliance frameworks against DeepSeek's cost efficiency.
Discover how Alibaba's Qwen 2.5-Max AI model with Mixture-of-Experts architecture outperforms DeepSeek V3 in key benchmarks, challenges OpenAI, and
DeepSeek redefines AI with cutting-edge innovations: MoE architecture activates only 37B parameters/token, FP8 training slashes costs, and latent
California has passed revolutionary legislation to regulate artificial intelligence, requiring companies to disclose training data and label AI-generated
The .io domain has been a favorite for tech startups, but its potential disappearance is sending ripples through the industry.
This article explores the AI landscape, empowering you to use AI tools safely and protect your personal data.
Apple's latest Passwords app is poised to transform the way we manage and protect our digital identities.
