Ravie LakshmananMay 20, 2026Vulnerability / Encryption Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has… Read More "Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit"
Notice what CVE actually does, though. It doesn’t tell anyone to patch a flaw. The flaw was a 90-minute window in which a publishing pipeline was compromised, and the window has closed. The CVE is a retroactive notification. Meaning, if… Read More "Why some security fixes never reach your vulnerability dashboard"
The Trump administration’s shift in tone and approach toward traditional allies has understandably unsettled many nations, raising doubts about U.S. reliability and concerns over dependence on American technology. Many had become used to China and Russia’s often belligerent tone, flexing their… Read More "The quest for greater tech independence"
Vulnerability exploitation has overtaken compromised credentials for the first time in nearly two decades as the most common initial access vector for data breaches, according to Verizon. The tech giant’s Data Breach investigations Report (DBIR) has been providing threat landscape… Read More "Verizon DBIR: Vulnerability Exploits Overtake Credentials"
In 2012, the “Shadow IT” crisis was employees putting files in Dropbox for convenience. In 2026, the crisis is Shadow MCP. Instead of a simple file storage app, security teams are now facing unvetted AI agents with the power to… Read More "Shadow MCP Servers: The AI Infrastructure You Can’t See"
A software defect at Lloyds Banking Group exposed the personal data of up to 447,936 customers after an IT glitch allowed users to see other customers’ transactions and account information. The incident, which occurred on 12 March during an overnight… Read More "Lloyds IT Glitch Exposed Data of Nearly 500,000 Banking Customers"
The Common Vulnerability Scoring System (CVSS) remains the bedrock of risk communication for many mid-market organizations. Assigning numerical values to vulnerabilities enables a unified dialogue among security researchers, vendors, and IT teams, ensuring everyone speaks the same language when a… Read More "What is CVSS? A Complete Guide to Vulnerability Scoring"
Ravie LakshmananMay 20, 2026Supply Chain Attack / Cloud Security Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident… Read More "Grafana GitHub Breach Exposes Source Code via TanStack npm Attack"
A wave of tax-themed cyber campaigns delivering malware, remote access tools, fraud schemes and credential phishing has been detected in early 2026. Proofpoint researchers identified more than a hundred such operations, highlighting how attackers continue to exploit the pressures and expectations… Read More "Cybercriminals Exploit Tax Season With New Phishing Tactics"
GitHub on Tuesday said it’s investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform’s source code and internal organizations for sale on a cybercrime forum. “While we currently have no evidence… Read More "GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories"
