10 Jul, 2026

GitHub tightens npm security with mandatory 2FA, access tokens

GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. Notable cyberattacks that started from compromising GitHub repositories and then spread to NPM include the “s1ngularity” attack in late August, the “GhostAction” campaign in early September, and the worm-style campaign dubbed “Shai-Hulud” from last week. The […]

2 mins read

New EDR-Freeze tool uses Windows WER to suspend security software

A new method and proof-of-concept tool called EDR-Freeze demonstrates that evading security solutions is possible from user mode with Microsoft’s Windows Error Reporting (WER) system. The technique eliminates the need of a vulnerable driver and puts security agents like endpoint detection and response (EDR) tools into a state of hibernation. By using the WER framework together […]

3 mins read

New AI attack hides data-theft prompts in downscaled images

Researchers have developed a novel attack that steals user data by injecting malicious prompts in images processed by AI systems before delivering them to a large language model. The method relies on full-resolution images that carry instructions invisible to the human eye but become apparent when the image quality is lowered through resampling algorithms. Developed […]

3 mins read

Android’s pKVM hypervisor earns SESIP Level 5 security certification

Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms. The pKVM is the hypervisor underpinning the Android Virtualization Framework (AVF), providing an isolated, high-assurance environment for executing critical workloads. These include Google’s AI models like Gemini Nano […]

2 mins read

Microsoft 365 apps to soon block file access via FPRPC by default

Microsoft has announced that the Microsoft 365 apps for Windows will start blocking access to files via the insecure FPRPC legacy authentication protocol by default starting late August. These changes apply only to Microsoft 365 apps for Windows and will not affect Microsoft Teams users across Windows, Mac, web, iOS, or Android. “Microsoft 365 apps […]

2 mins read

WhatsApp adds new security feature to protect against scams

WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. This feature displays a “safety overview” context card that includes information about the group’s creation date, the number of members, potential scam attempts, and instructions […]

2 mins read

Windows 11 now uses JScript9Legacy engine for improved security

Microsoft announced that it has replaced the default scripting engine JScript with the newer and more secure JScript9Legacy on Windows 11 version 24H2 and later. The decision is driven by security concerns, as JScript9Legacy is expected to offer better protection against web threats, such as cross-site scripting (XSS), and also improved performance. “To provide a more […]

1 min read

Samsung announces major security enhancements coming to One UI 8

Samsung has announced multiple data security and privacy enhancements for its upcoming Galaxy smartphones running One UI 8, its custom user interface on top of Android. Key highlights include the introduction of a system-level architecture named Knox Enhanced Encrypted Protection (KEEP), upgrades to Knox Matrix, and the addition of quantum resistance to WiFi connectivity. Keeping […]

2 mins read

International Criminal Court hit by new ‘sophisticated’ cyberattack

On Monday, the International Criminal Court (ICC) announced that it’s investigating a new “sophisticated” cyberattack that targeted its systems last week. In a statement yesterday, the ICC revealed that it had contained a “sophisticated and targeted” cybersecurity incident, which was discovered by systems in place to detect cyberattacks targeting its systems. “This incident, the second […]

3 mins read