Browsing Category
Security
61 posts
Cybersecurity news, software supply chain risk, privacy threats, and practical security guidance.
ElevenLabs SynthID Rollout Makes AI Voice Watermarking a Public Test
ElevenLabs has started adding Google DeepMind’s SynthID watermark to free text-to-speech generations and plans to expand it across all audio products in July. The move gives listeners a public detector for ElevenLabs-generated audio, but watermarking still has limits that matter for deepfake investigations and platform policy.
GitHub Code Quality Goes Paid July 20: What Teams Should Audit Now
GitHub Code Quality becomes a paid product on July 20, adding a $10-per-active-committer license, GitHub AI Credits for AI-powered checks, and GitHub Actions minutes for CodeQL scans. Teams using the free preview should audit enabled repositories, active committers, Actions usage, AI review behavior, and merge-blocking rules before billing starts.
PTC Windchill Exploits Put Manufacturing PLM Systems on Patch Clock
CISA added CVE-2026-12569, a critical PTC Windchill and FlexPLM remote code execution flaw, to its Known Exploited Vulnerabilities catalog with a June 28 deadline. The bug is being used to deploy JSP web shells against product lifecycle management systems that often sit deep inside manufacturing and engineering workflows.
Windows 10 Security Updates Now Run Through October 2027
Microsoft has extended consumer Windows 10 Extended Security Updates through October 12, 2027. Here is what the extra year covers, who qualifies, how enrollment works, and why it is still not full Windows 10 support.
FCC Turns Emergency Alert Cybersecurity Into a Baseline Requirement
The FCC adopted targeted cybersecurity rules for Emergency Alert System participants after years of warnings about default passwords, unpatched gear, and internet-exposed alerting equipment. Broadcasters and cable operators will have 60 days after Federal Register publication to meet the new baseline.
Anthropic’s Mythos Test Shows Why AI Cyber Defense Is Becoming Classified Work
An Anthropic Mythos test with U.S. intelligence agencies reportedly found vulnerabilities in highly sensitive government systems within hours. The episode sharpens the policy problem around frontier AI: the same models that can help defenders fix critical software can also compress the timeline for attackers.
OpenAI Launches GPT-5.6 Sol Under Government-Restricted Preview
OpenAI has launched GPT-5.6 Sol, Terra, and Luna in a restricted preview after U.S. government review. The release brings new pricing, API and Codex access limits, stronger cyber safeguards, and a clearer look at how frontier model launches are becoming governed deployments.
curl 8.21.0 Fixes 25-Year-Old libcurl mTLS Bug
curl 8.21.0 fixes 18 security flaws, including CVE-2026-8932, a 25-year-old libcurl mTLS connection-reuse bug. The practical risk is in applications that embed libcurl and change client certificate settings while reusing connection pools.
Citizen Lab Says Russia Used Cellebrite on Activist’s iPhone After Cutoff
Citizen Lab says Russian authorities used Cellebrite forensic tools on activist Andrey Pivovarov’s iPhone months after Cellebrite said it had stopped selling to Russia and Belarus. The case turns phone forensics into a control problem: what happens when extraction tools keep working after a vendor cuts off a customer?
Mandiant Details Cisco SD-WAN Attack That Turned a Malicious CSV Into Root Access
Mandiant says an attacker used rogue Cisco Catalyst SD-WAN peering, admin password manipulation, and CVE-2026-20245 to gain root access through a malicious CSV upload. The new details make the June SD-WAN advisories an incident-response problem, not just a patching task.