Search

tomshardware.com › tech-industry › cyber-security

Standard 90-day vulnerability disclosure policy is likely dead thanks to AI, expert warns that AI can weaponize patches in 30 minutes — LLM-assisted bug-hunting ushers in a new cyberworld order

… The vast majority of security exploits are rooted in specific bad programming habits, something a bot excels at noticing quickly and repeatedly. …

May 12, 2026 · Bruno Ferreira

tomshardware.com › software › linux

CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack

… Cybersecurity and Infrastructure Security Agency CISA added a newly disclosed Linux vulnerability, dubbed “Copy Fail,” to its Known Exploited Vulnerabilities catalog on May 1st, warning that the flaw, tracked as CVE-2026-31431, is already being used in active attacks and urging rapid patching acros… …

May 4, 2026 · Etiido Uko

tomshardware.com › tech-industry › cyber-security

Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation

… In this day and age, when AI-powered security research has arguably made the standard 90-day disclosure-to-patch window completely obsolete, and both time-until-exploit and unused exploits are both nearing zero , Microsoft and other software players would do well to adjust their policies. …

May 27, 2026 · Bruno Ferreira

tomshardware.com › tech-industry › cyber-security

First Apple M5 memory exploit discovered using Anthropic AI, gives root access on MacOS — Claude Mythos helps security researchers bypass Memory Integrity Enforcement

Thanks to AI-assisted security research, hackers with hats of various colors are finding exploits everywhere. …

May 16, 2026 · Bruno Ferreira

tomshardware.com › tech-industry › cyber-security

AI shrinks zero-day exploit time from a year to a single day, heading toward one minute — Zero-Day Clock warns security window has collapsed

… The biggest recommendation is to make software makers liable for damaging security vulnerabilities, as well-known cybersecurity master Bruce Scheiner explains: "No industry in the past 150 years has improved safety or security without being forced to by the government." He additionally points out t… …

May 26, 2026 · Bruno Ferreira

tomshardware.com › pc-components

Researchers attack AMD's Infinity Fabric to bypass hardware security protections with 'Fabricked' — flaw lets malicious cloud hosts silently read confidential VM memory and forge attestation reports

… AMD acknowledged the vulnerability following ETH Zurich's responsible disclosure in August 2025, assigned it CVE-2025-54510, and published security guidance under advisory AMD-SB-3034 when the embargo lifted in April 2026. …

May 19, 2026 · Etiido Uko

tomshardware.com › tech-industry › cyber-security

Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor

… They did this after their disclosure reports were allegedly dismissed by Microsoft's security team, resulting in a vendetta of sorts. …

May 13, 2026 · Bruno Ferreira

tomshardware.com › tech-industry

Record-high pricing pushes SSD and memory makers to borrow $880 million just to afford buying chips — Adata, TeamGroup, and others take on substantial debt to survive shortages

… In March, Adata’s revenue exceeded NT$10 billion for the first time, and its Q1 total of NT$26.11 billion more than doubled year over year, according to the company's monthly revenue disclosures. …

May 18, 2026 · Luke James

tomshardware.com › tech-industry › cyber-security

Compromised Mistral AI and TanStack packages may have exposed GitHub, cloud and CI/CD credentials in 'mini Shai Hulud'  malware infection — supply-chain campaign spreads across npm and AI developer ecosystems like wildfire

… The compromises are still under investigation, and additional affected packages may emerge as maintainers and security firms continue auditing publishing infrastructure and compromised credentials. …

May 12, 2026 · Etiido Uko

tomshardware.com › tech-industry › cyber-security

Google Chrome 'silently' downloads 4GB AI model to your device without permission, report claims — researcher says practice may violate EU law, waste thousands of kilowatts of energy

… According to the researcher, this happened without any user prompt or meaningful disclosure, and the integration would reinstall itself if removed. …

May 6, 2026 · Zak Killian