Amazon Web Services says recovery from drone strikes that hit its data centers in the United Arab Emirates and Bahrain will be measured in months, leaving customers in the region facing prolonged disruption and prompting a broader rethink of investments in Middle East infrastructure. The attacks, part of a wider bout of regional hostilities, knocked core compute racks offline, triggered
Latest Articles
Cybersecurity
How Mozilla Used Mythos to Find 271 Firefox Vulnerabilities — and What It Means
Mozilla says it used Anthropic’s Mythos model, together with a custom agent harness, to uncover 271 security issues in Firefox over roughly two months. The disclosure, supported by a small set of public Bugzilla reports, highlights a workflow that pairs large language models with deterministic tooling and verification to reduce hallucinations and produce actionable test cases — but it has also reignited debates about hype, disclosure practices, and the shifting economics and risks of AI-assisted security research. What Mozilla actually…
Continue readingDitching PsExec – Running Interactive SYSTEM Shells Natively in PowerShell
If you’ve spent any time in Windows System Administration over the last decade, I can almost guarantee you’ve reached for PsExec at least once. Originally from Sysinternals and now officially part of Microsoft, PsExec is one of those deceptively simple tools that has quietly saved thousands of IT professionals from hours of sheer agony. A single executable, zero installation, no
Cloudflare makes post‑quantum IPsec generally available
For years, the internet’s move to post‑quantum cryptography focused first on TLS, but site‑to‑site networking has lagged behind. Today Cloudflare is announcing general availability of post‑quantum encryption for Cloudflare IPsec, bringing hybrid ML‑KEM protection to WAN tunnels so organizations can defend against “harvest‑now, decrypt‑later” attacks without buying specialized hardware. This update moves another critical piece of enterprise networking closer to
How the Google Gemini CLI Flaw Turned CI/CD Pipelines into Remote Code Execution Risk
A critical remote code execution (RCE) vulnerability in the Google Gemini CLI and its associated GitHub Action exposed a startling weakness in how AI tooling can interact with developer infrastructure. Rated with the maximum CVSS score of 10.0, the bug allowed unprivileged external actors to execute commands on the machines running CI/CD workflows. This wasn’t a prompt-injection trick against a
Email threat landscape: Q1 2026 trends and insights
During the first quarter of 2026, email-based threats remained pervasive and dynamic. Microsoft Threat Intelligence recorded roughly 8.3 billion phishing messages across January–March, with monthly volumes edging down from about 2.9 billion in January to 2.6 billion in March. While total volume showed only slight decline, the quarter revealed important shifts in delivery mechanisms and attacker behavior: link-based attacks dominated,
CISA orders federal agencies to patch CVE-2026-32202 after zero-click NTLM hash leak is reported
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure Windows systems against a vulnerability tracked as CVE-2026-32202 after cybersecurity firm Akamai reported it as a zero-click NTLM hash leak left behind when Microsoft incompletely patched a February remote code execution flaw (CVE-2026-21510). CISA added CVE-2026-32202 to its Known Exploited Vulnerabilities (KEV) Catalog and mandated that