Enterprise Security Tech
A cybersecurity resource for CxOs


Critical Microsoft Vulnerabilities Double as AI Accelerates Exploitation and Identity Attacks Surge
A new security report signals a sharp change in how risk is evolving across the Microsoft ecosystem. While the total number of disclosed vulnerabilities dipped slightly in 2025, the most dangerous flaws surged, pointing to a more concentrated and potentially more exploitable threat landscape. According to the latest annual findings from BeyondTrust, critical vulnerabilities affecting Microsoft platforms doubled year over year. The shift suggests attackers are focusing less on
Apr 22


Lovable AI Coding Platform Faces Data Exposure Backlash After Permission Flaw Reveals User Projects and Chats
A growing dispute over data exposure at Swedish AI coding startup Lovable is raising fresh questions about how quickly emerging developer tools are scaling without fully locking down security controls. The controversy began when an X user alleged that projects created on the platform prior to late 2025 were broadly accessible. According to the post, the individual was able to view other users’ application code, chat interactions with AI systems, and associated customer data u
Apr 22


Anthropic Mythos AI Leak Raises Alarm Over Offensive AI Security Risks and Third-Party Exposure
A restricted cybersecurity model from Anthropic designed to probe and exploit software vulnerabilities has reportedly been accessed by unauthorized individuals, raising fresh concerns about the real-world containment of advanced AI systems built for offensive security research. According to reporting from Bloomberg, a small group gained access to Anthropic’s Claude Mythos Preview through a third-party contractor environment, bypassing intended restrictions using a combination
Apr 22


Canister-Backed npm Malware Campaign Expands, Targeting AI Developer Toolchains
A new wave of supply chain attacks is hitting the npm ecosystem, and this time the blast radius is moving deeper into AI developer workflows. Security researchers at Socket say the latest campaign shows strong overlap with a previously identified wormable attack dubbed CanisterWorm, suggesting either a shared operator or direct reuse of adversary tooling. At the center of the incident are compromised packages tied to Namastex Labs, a company that promotes AI consulting and au
Apr 22


CPUID Breach Delivers Trojanized CPU-Z and HWMonitor Installers in Short-Lived Supply Chain Attack
A brief but high-impact compromise of CPUID’s official website has exposed a growing weakness in the modern software supply chain. For less than 24 hours, attackers hijacked download links for widely used system utilities, replacing legitimate installers with malware-laced packages designed to silently establish remote access on victim machines. The incident, which unfolded between April 9 and April 10, targeted users attempting to download tools such as CPU-Z and HWMonitor.
Apr 13


Transforming Industrial Cybersecurity: Closing the Gaps Compliance Leaves Behind
This article was contributed by Dr. Jerome Farquharson, Managing Director and Senior Executive Advisor, Arcova. Critical infrastructure operators have made measurable progress in strengthening cybersecurity through regulatory frameworks such as NERC CIP for electric power systems, TSA’s pipeline directives, and the EPA’s guidance for water utilities. These standards have helped sharpen accountability and increase the baseline of operational protection. However, regulation als
Apr 13