Category: Information Security Buzz

A newly disclosed flaw in Ubuntu’s Snap ecosystem is raising fresh concerns about local privilege escalation risks in default Linux environments.  Researchers at Qualys have identified CVE-2026-3888, a high-severity vulnerability that allows a low-privileged local user to escalate access to full root…

Read more →

Most teams already have cloud security tools in place. That’s not the issue. The problem is that those tools don’t give you any real control. Infrastructure is built fast, modified constantly, and touched by too many people to track. Code…

Read more →

Over the next decade, the way we define security failures is going to change. No longer will it begin with an unpatched server or a careless employee clicking the wrong link. The root cause will be something far more ordinary,…

Read more →

Since the outbreak of the Middle East conflict on 28 February 2026, Akamai has seen a surge of 245% in cyberattacks against key businesses and institutions in North America, Europe, and some Asian Pacific countries.  One group in particular, Handala (widely believed to have…

Read more →

Companies House, the UK’s official registrar of companies, has disclosed a security flaw in its WebFiling service that exposed sensitive data tied to more than five million registered businesses.   The issue traces back to a system update rolled out in October 2025 and went unnoticed for five months…

Read more →

The Qualys Threat Research Unit (TRU) has identified nine vulnerabilities in AppArmor, a Linux Security Module.   The vulnerability has been present since 2017 (version v4.11). AppArmor is the default mandatory access control system for Ubuntu, Debian, SUSE, and several cloud platforms. Its presence in all…

Read more →

Open source intelligence (OSINT) still sits outside the intelligence mainstream. If you’re not acquainted with the intelligence profession, you might not have come across the term at all. OSINT is the targeted collection and analysis of publicly available or licensable…

Read more →

TELUS Digital has fallen victim to a security incident in which unsanctioned actors accessed its systems.   Upon learning of this incident, the company said it took immediate action to resolve it and prevent any future breaches of its systems and environment.…

Read more →

Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information.  In a letter sent to affected staff members, the company said: “On or…

Read more →

Most conversations about AI in business start with the wrong question of “Can AI do the job?” It is entirely the wrong place to start. The real question for leadership is quieter but vastly more important…“Will this platform still exist,…

Read more →

Starbucks has disclosed a data breach attackers gained access to hundreds of employees’ Starbucks Partner Central accounts, which are used for managing employment information, personal data, benefits, and HR information.  In a letter sent to affected staff members, the company said: “On or…

Read more →

“You’re cutting into my overtime. But if I can schedule upgrades to happen overnight and sleep better, I’m in!” This is what a network engineer recently told me as I was discussing network automation. Network infrastructure owners I speak with…

Read more →

Security researchers have demonstrated how a growing class of AI safety controls (known as AI judges) can be manipulated into approving content they are supposed to block.  In new research published by cybersecurity firm Palo Alto Networks’ threat intelligence team Unit 42, analysts describe how…

Read more →

Stryker, a global medical technology company based in Michigan, has fallen victim to a data-wiping attack. A hacktivist group affiliated with Iran’s intelligence services is claiming responsibility for the incident.  Reports coming from Ireland, Stryker’s largest base outside of the…

Read more →

Salesforce has warned customers that it has identified a campaign in which threat actors are exploiting customers’ overly permissive guest user settings to potentially access more data than targeted businesses intended.  “Evidence indicates the threat actor is leveraging a modified version of the open-source tool Aura Inspector (originally developed by Mandiant) to…

Read more →

A privacy controversy surrounding Meta Platforms’ Ray-Ban smart glasses has taken a new turn after security researchers uncovered dozens of exposed credentials linked to the company’s data-annotation contractor.  Last week, Swedish outlets Svenska Dagbladet and Göteborgs-Posten reported that footage captured by Meta’s smart glasses…

Read more →

Every penetration tester has had the moment. You are two days into an engagement, sifting through cloned repositories and intercepted HTTP responses, and a hardcoded AWS key appears in a config file that has been sitting in version control for…

Read more →

The first week after the new system went live was great.  You saw the rows of red and orange flash across your dashboard as the scans were completed.   Now, for the first time, the security team could say, with some authority, where…

Read more →

Australia’s recent decision to restrict social media access for children under 16 marks one of the most significant digital policy interventions the country has seen in years. The new policy reflects rising concern among policymakers around youth access to social…

Read more →

In September, cybercriminals pulled off one of the biggest ad fraud scams in recent memory by turning scores of user devices into “ghost click farms” that generated billions of fake ad impressions daily. Then, in January, another gang did it…

Read more →