Oracle's AI datacenter splurge gives investors the capex jitters
Q4 sales climbed 21%, but Wall Street more interested in $70B buildout bill
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
CISA tells govt agencies to patch critical exploited flaws in 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Execut…
Met Police joins forces with Apple to choke London's stolen phone trade
Intelligence-sharing pact tracks kit that comes back online after being nicked
Hackers Exploit Langflow Vulnerability for Remote Code Execution
Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. The post Hackers Exploit Langflow Vulnerability for R…
Siemens Says Desigo CC Files Flagged as Malware by Security Engines
A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. The post Siemens Says Desigo CC Files Flagged as Malware by Secur…
AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution wa…
FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers
The 13 websites purported to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances The post FBI Seizes 13 Websi…
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as ca…
Splunk, Palo Alto Networks Patch Severe Vulnerabilities
The security defects could allow attackers to create or modify arbitrary files and access and modify protected resources. The post Splunk, Palo Alto Networks Patch Severe Vulnerabi…
Malware scare keeps schoolkids home for a second day
Great Marlow restricts network access while it investigates suspected infection
NS&I dangles £220K salary for CEO willing to straighten out £3B IT mess
Comes with a corner office, government scrutiny, and the 'full-spectrum disaster' known as Project Rainbow
‘GreatXML’ Zero-Day Exploit Bypasses BitLocker
The PoC exploits Microsoft Defender’s offline scan to spawn a SYSTEM shell when rebooting in Recovery Mode. The post ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker appeared first o…
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPEC…
Nottingham Uni says student records raided after ShinyHunters claims cyberattack
Crooks claim 40 GB haul as breach database pegs number of exposed email addresses at 455K
Microsoft fixes BitLocker recovery bug on Windows Server 2025
Microsoft has resolved a known issue causing some Windows Server 2025 devices to boot into BitLocker recovery after installing the April 2026 security update. [...]
University of Nottingham Confirms Breach After Hackers Leak Data
The ShinyHunters hacker group has taken credit for the attack, leaking more than 450,000 email addresses and other information. The post University of Nottingham Confirms Breach Af…
UK Treasury still deciding whether to show up to £1.7B ERP program it agreed to fund
Move from Oracle put back until December following delays to Workday rollout
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]
Every employee’s password was stored in a single Excel file
The CEO thought this was the best way to deal with some email issues
Microsoft Patches Exploited Exchange Server Vulnerability
The company warned about zero-day attacks exploiting the Exchange Server vulnerability CVE-2026-42897 on May 14. The post Microsoft Patches Exploited Exchange Server Vulnerability…
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The c…
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways…
Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.
Chinese agents caught rebuilding botnets and stirring the pot on AI datacenter debate
PRC eyes are watching you
Memory and personalization make AI more likely to tell you what you want to hear
A little knowledge is a dangerous thing, particularly for enterprise applications
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. …
CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
Blockbuster new Raspberry Pi project turns any screen into old-school VCR
Who needs fancy menus and high definition? 240-MP will play your media files like it's 1999
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
It blocked us at 'hello!' Anthropic Fable 5 refusing innocuous prompts
Hyper-vigilant safety classifiers turn Fable into cautionary tale