cybersecurity

Microsoft's February Patch Tuesday fixes 58 flaws including six zero-days already under attack, with CISA ordering immediate federal remediation.

OpenAI launches a tiered access framework for cybersecurity professionals alongside $10 million in API grants, as GPT-5.3-Codex becomes the company's first model rated 'high' for cyber risk.

A CVSS 9.9 command-injection bug in BeyondTrust Remote Support and Privileged Remote Access lets unauthenticated attackers execute OS commands, echoing the zero-days that gave Chinese state hackers access to the U.S. Treasury in 2024.

Binding Operational Directive 26-02 gives agencies 18 months to inventory and replace end-of-life firewalls, routers, and switches that advanced threat actors are actively exploiting.

The European Commission must decide by February 10 whether to approve Google's largest-ever acquisition or open a deeper probe, in a case that could reshape cloud security competition worldwide.

Substack disclosed a breach that went undetected for four months, with a hacker leaking email addresses, phone numbers, and internal metadata for hundreds of thousands of users on BreachForums.

OpenAI releases GPT-5.3-Codex, its fastest agentic coding model yet, but delays API access after classifying it as 'High' cybersecurity capability under its Preparedness Framework.

Lotus Blossom APT group compromised Notepad++ update infrastructure from June to December 2025, delivering Cobalt Strike and custom backdoors to select government and telecom targets

Threat actor exploited infostealer-harvested passwords to breach enterprise file-sharing platforms at major companies lacking MFA protection.