Bitlocker keys in Microsoft’s cloud are being shared with law enforcement—but the risk lies less in private devices than in broad access to all cloud-stored data, requiring organizations to verify whether their AD-cloud synchronization also includes recovery keys.
Google and Microsoft have released comprehensive security updates for their browsers Chrome (148.0.7778.216/217) and Edge (148.0.3967.96), with Chrome closing 151 vulnerabilities. Enterprise-wide patching should be prioritized.
The Microsoft Defender update KB2267602 (v1.451.155.0) causes compatibility issues with the Windows print spooler; a hotfix is available and administrators should check their printing infrastructure.
Veeam has implemented a new requirement forcing users to provide two email addresses, and a security expert is seeking information on whether other users are affected by this change.
ACROS Security has released a 0patch micropatch for a spoofing vulnerability in Windows Shell that can be exploited via links; Microsoft patched the flaw in March 2026, and the micropatch enables rapid remediation without a restart.
Dutch authorities have taken offline a botnet with 17 million infected devices and seized more than 200 supporting servers, striking a significant blow against cybercriminal infrastructure.
DDoS services are sold like commercial software subscriptions, with tiered pricing and support, showing advanced professionalization and significantly lowering the barrier to entry for potential attackers.
Threat actors are abusing ChatGPT share links to host fake OpenAI outage pages that redirect users to download malware disguised as a ChatGPT desktop application, exploiting user trust in legitimate channels through social engineering.
A new Linux kernel vulnerability in the CIFS subsystem allows local attackers to gain root privileges across multiple distributions by forging authentication keys.
Authentication flaw in Palo Alto GlobalProtect is being actively exploited; attackers can bypass VPN protection and infiltrate corporate networks, making immediate security patching essential.
Project Glasswing is a global initiative to enhance software security through systematic identification and remediation of vulnerabilities in widely used software worldwide, particularly targeting security leaders in organizations.
Project Glasswing is a global initiative to strengthen software security through systematic identification and remediation of vulnerabilities in critical systems worldwide.