Vulnerabilities
A new Linux kernel LPE called CIFSwitch lets unprivileged local users forge a cifs.spnego key description and hijack the kernel key-request mechanism, getting cifs.upcall to run attacker-controlled NSS code as root. PoC is public; CVE assignment is pending.
Vulnerabilities
The researcher behind a six-week run of uncoordinated Microsoft zero-day disclosures pledged a July 14, 2026 'bone-shattering' Windows exploit drop. Microsoft signaled law-enforcement action and pulled the researcher's GitHub account. Both sides have hardened.
Policy & Government
US Central Command confirmed foreign adversaries are using commercial location data to track and surveil US troops in theater. Sen. Ron Wyden said it is time to treat the adtech industry as a national security threat. Adversaries were not named.
Vulnerabilities
Microsoft's MSRC publicly condemned a six-flaw run of uncoordinated zero-day disclosures, saying the leaks put customers at 'unnecessary risk.' It's a position shift after six weeks of researcher disclosures that forced emergency response. The story is the tension itself.
Security Research
Apple published the post-quantum cryptography implementations in corecrypto — the library behind iOS, iPadOS, and macOS — alongside formal proofs and verification tools. It does not change today's encryption posture, but it lets outside experts audit the math that will protect tomorrow's.
Vulnerabilities
Gitea disclosed CVE-2026-27771, a registry authorization flaw that lets unauthenticated attackers pull private container images from any self-hosted Gitea below 1.26.2. It collapses the security premise of self-hosting: keeping images off public registries.
Policy & Government
The FBI's Operation Winter SHIELD distills 10 proven defensive controls from real-world investigations — and its central message is blunt: most organizations are breached because they don't implement what they already know works.
Data Breaches
Minidoka Memorial Hospital transferred emergency patients after an imaging outage; a new ransomware group demands payment for an alleged 2.3 million files. RUPERT, ID — A quiet Easter morning in rural Idaho was shattered on April 5, 2026, when Minidoka Memorial Hospital (MMH) fell victim to a cyberattack that paralyzed
Military & Defense
Journalist demonstrates naval mail screening flaw by mailing a Bluetooth device to NATO frigate HNLMS Evertsen; envelopes were not X-rayed like standard packages. THE HAGUE, NL — In a staggering demonstration of security asymmetry, a Dutch journalist has exposed a critical physical vulnerability within NATO naval operations. By mailing a $5
Data Breaches
The municipality of Epe confirms a massive exfiltration event impacting nearly all 32,000 residents; authorities offer free identity document replacements as theft concerns mount. EPE, NETHERLANDS — The municipality of Epe has officially confirmed that a cyberattack first detected in March 2026 resulted in the theft of personal data belonging
Data Breaches
UK Biobank's complete dataset exposed via three Chinese research institutions; listings removed after UK-China government intervention. LONDON, UK — In what is being described as a geopolitical health data security scandal, the UK government has confirmed that confidential medical and genomic data belonging to all 500,000 UK Biobank
Policy & Government
Security Minister Dan Jarvis announces 3-year SME funding and mandatory board-level cyber accountability at CYBERUK 2026. BIRMINGHAM, UK — In a landmark move to fortify the nation’s digital borders, the UK government has committed £90m ($120m) in new funding to bolster the cyber resilience of small and medium-sized enterprises (SMEs)