Latest Internet & Cybersecurity News
G7 publishes AI SBOM guidance to improve transparency and supply-chain security
Government agencies from G7 countries released joint guidance for creating a software bill of materials (SBOM) for AI systems. The document, “Software Bill of Materials for AI – Minimum Elements,” is designed to help organizations document AI components, dependencies, and modules more clearly to strengthen cybersecurity and supply-chain visibility.
Cyberattacks in Asia-Pacific are accelerating, with ransomware timelines shrinking sharply
QBE says cyber incidents in Asia-Pacific are moving faster, with the average time from initial access to ransomware deployment falling by about 70% since 2021. The report also warns that attackers are stealing more data, targeting a wider range of countries, and increasingly using AI-assisted impersonation in scams.
MySQL exposures and slow remediation remain widespread across organizations
Intruder’s 2026 Attack Surface Management Index found that 26% of organizations exposed MySQL databases to the internet, while 49% exposed risky ports and services. The report also highlighted exposed API documentation, WordPress Admin, phpMyAdmin, SNMP, and UPnP, underscoring persistent weaknesses in external attack surfaces.
Organizations face a widening gap between vulnerability discovery and exploitation
Security teams are increasingly concerned that AI tools could shorten the time between a flaw's discovery and its exploitation by attackers. That pressure is amplified by the large number of exposed services and slow remediation trends identified in the latest attack-surface data.
Microsoft and Palo Alto Networks use AI to uncover vulnerabilities in their own code
Industry coverage highlights that Microsoft and Palo Alto Networks reported finding many vulnerabilities by applying AI to their own codebases. The development underscores how defenders are increasingly using automation and AI to accelerate code review and identify weaknesses before attackers do.
Microsoft patches a critical zero-click Outlook vulnerability
Microsoft has issued a patch for a critical Outlook flaw described as zero-click, meaning attackers may not need user interaction to exploit it. The issue is being treated as a serious enterprise threat because successful exploitation could provide a path into corporate environments.
Hundreds of malicious RubyGems packages force a security response
RubyGems suspended registrations after hundreds of malicious packages were identified, signaling ongoing abuse of open-source software ecosystems. The incident adds to concerns about supply-chain contamination through package repositories used by developers worldwide.
Foxconn confirms North American factories were hit by a cyberattack
Foxconn said its North American factories were affected by a cyberattack, adding a major manufacturing name to this week’s incident list. Events like this show that operational disruption remains a major risk when attackers successfully reach industrial and enterprise environments.
Apple patches dozens of vulnerabilities across macOS and iOS
Apple released updates addressing dozens of vulnerabilities in macOS and iOS. Large patch batches like this are a reminder that endpoint ecosystems remain high-value targets and that timely device updates are critical for reducing exposure.
Siemens, Schneider, and CISA release new industrial security advisories
The latest ICS Patch Tuesday brought fresh advisories from Siemens, Schneider, and CISA. Industrial control systems remain a major focus for defenders because vulnerabilities in these environments can affect both safety and continuity of operations.
BWH Hotels says attackers accessed reservation data for six months
BWH Hotels disclosed that hackers had access to reservation data for six months, illustrating how long-dwell intrusions can go undetected. Extended access increases the likelihood of data theft, regulatory exposure, and reputational damage after discovery.
Akamai to acquire LayerX in a move expanding AI and browser security
Akamai announced plans to acquire AI and browser security firm LayerX for $205 million. The deal reflects growing demand for browser-focused defenses and AI-aware security controls as organizations try to protect users and data at the application edge.