Utopia Tech
▸ Engineering & Strategy Journal

Field notes from the edge.

What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.

Security

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Ivanti has issued a warning about CVE-2026-6973, a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in limited attacks. The flaw, caused by improper input validation, allows authenticated users with administrative access to execute remote code on affected systems running EPMM versions prior to 12.6.1.1, 12.7.0.1, and 12.8.0.1.

Utopia Tech · 1 min

Engineering

Scaling cloud and AI: Microsoft Azure’s commitment to Europe’s digital future

Microsoft is significantly expanding its Azure datacenter infrastructure across Europe to meet surging demand for cloud and AI services, with new regions launched in Austria, Belgium, Denmark, Greece, and Finland. The expansion focuses on providing sovereign cloud solutions that offer transparency, operational control, and compliance with local regulations while maintaining access to advanced AI c

Utopia Tech · 4 min

Industry

OpenAI exec says company hopes to burn $50B of somebody else's money on compute this year

OpenAI president Greg Brockman testified that the company expects to spend $50 billion on computing power in 2026, despite not yet achieving profitability or meeting revenue targets. Much of the funding from major investors like Microsoft, Amazon, and SoftBank comes with conditions requiring OpenAI to purchase compute resources from those same investors, effectively functioning as rebates rather t

Utopia Tech · 2 min

Industry

Firefox integrates an ad-blocker, but not to block ads

Firefox 149 has quietly integrated Brave's Rust-based ad-blocking engine (adblock-rs) into its codebase, but the feature is disabled by default and not intended for consumer ad-blocking purposes. Mozilla appears to be experimenting with the technology for other use cases, while the privacy-focused Waterfox browser fork is actively testing the same engine as a built-in ad-blocker. Users can manuall

Utopia Tech · 2 min

Strategy

DarkSword Malware

DarkSword is a sophisticated, likely government-designed iOS malware exploiting six zero-day vulnerabilities across iOS versions 18.4-18.7, deployed by multiple commercial surveillance vendors and state-sponsored actors since November 2025. The exploit chain has been used in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine, deploying three distinct malware families post-compro

Utopia Tech · 1 min

Strategy

Rowhammer Attack Against NVIDIA Chips

Two independent research teams have demonstrated critical Rowhammer attacks against NVIDIA Ampere-generation GPUs that exploit GDDR memory bitflips to gain complete control over host CPU memory and achieve full system compromise. The attacks, named GDDRHammer and GeForge, work by corrupting GPU page tables to escalate privileges to root access, with a third attack variant functioning even when IOM

Utopia Tech · 2 min

Engineering

Enforcing trust and transparency: Open-sourcing the Azure Integrated HSM

Microsoft is open-sourcing its Azure Integrated HSM, a FIPS 140-3 Level 3 certified hardware security module built into every new Azure server, to enhance transparency and trust in cloud cryptographic operations. The firmware, driver, and software stack will be released through the Open Compute Project, enabling independent validation by customers, partners, and regulators. This server-local appro

Utopia Tech · 4 min

Engineering

Azure IaaS: Defense in depth built on secure-by-design principles

Microsoft Azure IaaS implements a comprehensive security architecture combining defense-in-depth layering with Secure Future Initiative (SFI) principles across compute, networking, and storage infrastructure. Security is engineered from hardware roots of trust through virtualization boundaries, with protections enabled by default including network isolation, encryption, and DDoS mitigation. The pl

Utopia Tech · 4 min

Security

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Huge Networks, a Brazilian DDoS protection firm, was found to be harboring infrastructure used to launch massive DDoS attacks against Brazilian ISPs through a botnet exploiting vulnerable TP-Link routers. The company's CEO claims the malicious activity resulted from a January 2024 security breach that compromised development servers and his personal SSH keys, suggesting a competitor may be attempt

Utopia Tech · 4 min

Security

Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA

Cybercriminals are exploiting Windows Phone Link functionality to intercept SMS messages and bypass two-factor authentication through a new attack campaign. The attacks deploy CloudZ RAT malware alongside a novel plugin called Pheno to compromise the connection between Windows PCs and smartphones, enabling unauthorized access to text messages and authentication codes.

Utopia Tech · 1 min

Security

From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber

Dark Reading commemorates its 20th anniversary by identifying 20 pivotal cybersecurity news events from the past two decades that have fundamentally shaped today's enterprise threat landscape. The retrospective spans from landmark incidents like Stuxnet to emerging AI-driven security challenges exemplified by ChatGPT, illustrating the evolution of cyber risks facing modern organizations.

Utopia Tech · 1 min

Engineering

Modernize your workflows: Amazon WorkSpaces now gives AI agents their own desktop (preview)

Amazon WorkSpaces now enables AI agents to securely operate desktop and legacy applications through managed virtual desktops in public preview, eliminating the need for API development or application modernization. The service supports industry-standard Model Context Protocol (MCP) and integrates with popular agent frameworks like LangChain and CrewAI, while maintaining enterprise security control

Utopia Tech · 3 min

Engineering

The AWS MCP Server is now generally available

AWS has launched the AWS MCP Server, a managed Model Context Protocol server that provides AI agents and coding assistants with secure, authenticated access to AWS services through IAM credentials. The service addresses common issues with AI agents working on AWS, including outdated training data and overly permissive IAM policies, by offering real-time documentation access and a compact set of to

Utopia Tech · 5 min

Security

The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open

The Hacker News, a cybersecurity news publication with nearly 20 years of experience, has announced the launch of its 'Cybersecurity Stars Awards 2026' with submissions now open. The awards aim to recognize and celebrate the often-overlooked achievements of cybersecurity leaders, teams, and security products that work continuously to defend against threats.

Utopia Tech · 1 min

Security

MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

Iranian state-sponsored threat actor MuddyWater conducted a false flag ransomware attack in early 2026, using Microsoft Teams as an initial attack vector through social engineering techniques. Rapid7 identified this operation, which represents a concerning evolution in nation-state tactics that disguise espionage activities as financially-motivated cybercrime.

Utopia Tech · 1 min

Engineering

Code Orange: Fail Small is complete. The result is a stronger Cloudflare network

Cloudflare has completed 'Code Orange: Fail Small,' a major engineering initiative to prevent incidents like the November and December 2025 global outages. The project introduced progressive configuration rollouts with health monitoring, better failure modes that preserve service continuity, and improved incident management procedures to enhance network resilience for all customers.

Utopia Tech · 4 min

Engineering

When DNSSEC goes wrong: how we responded to the .de TLD outage

On May 5, 2026, DENIC's incorrect DNSSEC signatures for the .de TLD caused widespread DNS resolution failures, potentially affecting millions of German domains. Cloudflare's 1.1.1.1 resolver mitigated the impact through 'serve stale' functionality (RFC 8767) and Negative Trust Anchors (RFC 7646), continuing to serve cached records and temporarily disabling DNSSEC validation for .de domains until D

Utopia Tech · 4 min

Security

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

Tyler Robert Buchanan, a 24-year-old British national and senior member of the Scattered Spider cybercrime group, has pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in 2022 SMS phishing attacks targeting major technology companies. The attacks compromised at least a dozen firms including Twilio, LastPass, and DoorDash, enabling SIM-swapping schemes that stole at

Utopia Tech · 4 min

Security

SOC 2 Type II in 90 Days — What's Actually Required

The unglamorous control matrix that drives 80% of audit findings.

Utopia Tech · 1 min