Google has launched a new AI Vulnerability Reward Program (AI VRP) that pays up to $30,000 for critical flaws in its AI systems. Covering products such as Gemini, Search, and Workspace, the initiative bridges responsible AI research with traditional bug bounty frameworks, rewarding ethical hackers who strengthen AI security.
Within four weeks, AWS, Azure and Cloudflare all suffered major outages triggered by internal configuration and metadata failures rather than attacks. This article unpacks the Cloudflare–Azure–AWS outage pattern, examines how cloud centralisation amplifies these incidents and outlines realistic resilience moves for IT, SRE and security teams.
Pixel 10 finally delivers real Pixel to iPhone file sharing. By linking Android’s Quick Share with Apple’s AirDrop over a peer-to-peer bridge, Google removes the need for sketchy third-party tools while giving security teams a clearer, audited path to manage cross-platform file transfers.
Trump urged Microsoft to fire Lisa Monaco, its head of global affairs, raising concerns over her revoked security clearance and history in DOJ investigations.
Security researchers have identified a new StealIt malware campaign abusing the NodeJS SingleFile module to exfiltrate sensitive data from compromised environments. This JavaScript-based threat demonstrates how legitimate developer tools can be turned into effective espionage vectors within open-source ecosystems.
China’s Ministry of State Security alleges that the U.S. National Security Agency breached its National Time Service Centre over multiple years. The event signals new exposure for timing infrastructure and escalates global cyber conflict.
A rapid cascade of cyber events Chrome zero-day, a record DDoS, Cisco IOS exploit, and Kali Linux upgrade highlight how threat activity keeps accelerating.
Cephalus ransomware breaks in through exposed or weak RDP, steals data, and launches a Go-based encryptor that disables backups and evades analysis with DLL sideloading and key obfuscation. Consequently, victims encounter fast double-extortion pressure and noisy business disruption unless identity and remote-access controls stop the chain early.
Teams will auto-detect work location via corporate Wi-Fi with user consent. Learn what ships, how it works, and how to set policy and privacy guardrails.
A chilling evolution: Storm-0249 has shifted from selling access to enabling full-blown ransomware campaigns. Their new combination of ClickFix social-engineering, fileless PowerShell and DLL sideloading dramatically increases stealth and persistence across enterprise environments.