Articles about Security

Details have emerged about a now-patched flaw in Microsoft Entra ID which could have been exploited to gain access to any tenant of any company in the world.

Tracked as CVE-2025-55241, the Azure Entra Elevation of Privilege Vulnerability has a CVSS 3.1 severity rating of 10.0. The security researcher who discovered the flaw said that he had “found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world”.

Continue reading →

The move from passwords to passkeys is making gradual progress, and Google is among the companies pushing to encourage people to make the switch.  Now there are signs that things are being taken up a notch.

Hidden away in the most recent Canary build of Chrome, Google is testing a flag which, when enabled, will automatically convert saved passwords into passkeys when logging into a site or service.

Continue reading →

A growing cybersecurity skills crisis is forcing 64 percent of the organizations across Europe the Middle East and Africa to take risky shortcuts and temporary fixes to meet security demands.

Research from Insight Enterprises shows only 24 percent of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. These shortages are delaying key initiatives (57 percent) and leaving more than half (57 percent) struggling to meet compliance requirements.

Continue reading →

PasswordManager.com has released a new survey looking at how business leaders view Gen Z employees (those born around the mid-to-late 1990s through the early 2010s), especially when it comes to the handling of sensitive company information.

The results reveal that many bosses are worried about the younger generation, with nearly half of respondents believing they could leak secrets for social media attention.

Continue reading →

History appears to be repeating. Plex has announced that it has suffered a security breach, exposing user data. The last time this happened was in 2022, and users are being advised to change passwords as soon as possible.

The company is referring to it as a “security incident that may potentially involve your Plex account information”. While Plex tries to downplay the severity of the breach, the fact that “an unauthorized third party accessed a limited subset of customer data from one of our databases” is concerning – especially when you consider that this is not the first time.

Continue reading →

In an age where there is increased concern about privacy and security, people are embracing messaging platforms such as Signal. While Signal and other apps of its ilk mean enjoying a security boost, such apps are playing catch-up with mainstream messaging platforms in terms of other features and options.

Signal has just announced the availability of secure backups for chats, promising an easy way to restore your messaging history to a new device. This is something that Signal users have been begging for, and now it is here. As you might expect with a platform associated with security and privacy, backups are not a simple matter with Signal.

Continue reading →

Microsoft has admitted that the security updates released for Windows in August caused problems for a lot of users. Affected users experienced a series of unexpected UAC (User Account Control) prompts.

The scale of the issue is large. This is not a problem that is limited to a particular version of Windows – every supported version of Windows that received the August 2025 security update is affected. This means that Windows 10, Windows 11, Windows Server 2022 and Windows Server 2025 have all been hit with the UAC prompts.

Continue reading →

WhatsApp has addressed a serious security flaw in certain versions of its app. The vulnerability was a zero-click exploit, which the company says was being used to target specific users.

No details have been provided about those who were being targeted, so it is not clear whether they are celebrities, people linked to businesses, or something else. What is interesting, however, is the fact that it was Apple users who had been single out.

Continue reading →

Downloading apps from an official app store helps to avoid dodgy  software. The obstacles that can stand in the way of  developers getting their apps into the likes of the Google Play Store, however, means that sideloading remains incredibly popular.

Sideloaded apps – those downloaded from unofficial sources – can be safe, but it is something of a minefield. And this is why Google has announced plans to block the sideloading of apps from developers that it has not been able to verify.

Continue reading →

Whether you have been waiting for it or not, Google Password Manager is now available as a standalone app for Android users.

Breaking the Password Manager component out of the Chrome browser is an interesting move. There is no real reason for Google doing so other than making it slightly easier to access saved passwords and usernames.

Continue reading →

Nearly half of Americans admit to reusing passwords across accounts, even as phishing attacks continue to rise. A new survey by Yubico and Talker Research shows that while many people feel confident in their ability to stay secure online, their actual habits reveal a different story.

The study asked consumers in 10 major US metro areas about their digital security practices. Forty eight percent said they use the same password for multiple accounts, a behavior that leaves them exposed if one login is compromised.

Continue reading →

Lenovo’s customer service AI chatbot Lena was recently found to contain a critical vulnerability that could allow attackers to steal session cookies and run malicious code.

Cybernews researchers discovered that with just one maliciously crafted prompt, the AI could be manipulated into exposing sensitive data. Lenovo has since fixed the issue, but the case shows how chatbots can create fresh risks when not properly secured.

Continue reading →

The AI race is the modern-day space race, and the US is concerned that China will make too much progress too quickly. This is precisely why President Trump recently suggested that the likes of NVIDIA only allowed to sell limited versions of its AI chips to Chinese customers.

How could this be policed? Through the use of trackers, according to sources familiar with the matter.

Continue reading →

Microsoft has launched a limited public preview of Windows 365 Reserve, a new cloud-based service to help reduce downtime and disruption for business when disaster strikes.

Whether there is a system failure, a cyberattack, or something else goes wrong, Windows 365 Reserve provides access to a Cloud PC to help reduce disruptions. Microsoft says that it offers businesses “secure and on-demand Cloud PC access from anywhere when you need it most”.

Continue reading →

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Continue reading →