Search

tomshardware.com › tech-industry › cyber-security

Standard 90-day vulnerability disclosure policy is likely dead thanks to AI, expert warns that AI can weaponize patches in 30 minutes — LLM-assisted bug-hunting ushers in a new cyberworld order

… The vast majority of security exploits are rooted in specific bad programming habits, something a bot excels at noticing quickly and repeatedly. …

May 12, 2026 · Bruno Ferreira

tomshardware.com › software › linux

CISA flags actively exploited ‘Copy Fail’ Linux kernel flaw enabling root takeover across major distros — unpatched systems may remain vulnerable to attack

… Cybersecurity and Infrastructure Security Agency CISA added a newly disclosed Linux vulnerability, dubbed “Copy Fail,” to its Known Exploited Vulnerabilities catalog on May 1st, warning that the flaw, tracked as CVE-2026-31431, is already being used in active attacks and urging rapid patching acros… …

May 4, 2026 · Etiido Uko

tomshardware.com › tech-industry › cyber-security

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

… Microsoft has been in security news quite often recently, mostly thanks to its ongoing spat with security researcher Chaotic Eclipse aka Nightmare Eclipse , who published a heap of zero-days exploits after apparent negotiations with the company broke down. …

Jun 1, 2026 · Bruno Ferreira

tomshardware.com › tech-industry › cyber-security

Cyber Security News, Analysis and Features | Tom's Hardware

Cybersecurity Dirty Frag exploit gets root on most Linux machines since 2017, no patches available Cybersecurity College student hacks Taiwan high-speed rail line, stopping four trains Cybersecurity Security researcher says that Google is likely in violation of EU law and wasting thousands upon tho… …

May 8, 2026

tomshardware.com › software › linux

Linus Torvalds says flood of duplicate AI-generated vulnerability reports have made Linux security mailing list 'almost entirely unmanageable' — private list 'a waste of time for everybody involved' in switch to new public system

Linus Torvalds declared the Linux kernel's private security mailing list "almost entirely unmanageable" on Sunday in his weekly post to the Linux Kernel Mailing List LKML , blaming a flood of duplicate vulnerability reports generated by researchers running the same AI tools against the same code. …

May 18, 2026 · Luke James

tomshardware.com › tech-industry › cyber-security

Microsoft BitLocker-protected drives can now be opened with just some files on a USB stick — YellowKey zero-day exploit demonstrates an apparent backdoor

There's nothing more dangerous than a bored engineer with a screwdriver, and hell hath no fury like a security researcher scorned. …

May 13, 2026 · Bruno Ferreira

tomshardware.com › software › linux

AMD's legendary K5, its first independently-designed processor, is being removed from the Linux kernel — 4.3-million-transistor chip gets the axe because it lacks Time Stamp Counter (TSC) support, making it a coding burden

… However, machines packing these retired processors can still be used in fun projects where a fully up-to-date security -hardened internet-connected patched OS isn’t essential. …

May 10, 2026 · Mark Tyson

tomshardware.com › tech-industry › cyber-security

Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation

… Regardless, the move to ban Eclipse's GitHub account makes for poor optics, as it is being heavily criticized, and ultimately achieves nothing for security, since the code is out there anyway. …

May 27, 2026 · Bruno Ferreira

tomshardware.com › pc-components

Researchers attack AMD's Infinity Fabric to bypass hardware security protections with 'Fabricked' — flaw lets malicious cloud hosts silently read confidential VM memory and forge attestation reports

… AMD SEV-SNP addresses this by creating hardware-isolated Confidential Virtual Machines, where memory is encrypted and access-controlled by a dedicated on-chip security processor called the PSP. …

May 19, 2026 · Etiido Uko

tomshardware.com › tech-industry › artificial-intelligence

Trump signs AI executive order seeking 30-day government access to frontier models before release — voluntary framework will include classified benchmark to determine which models qualify

… While it’s a voluntary framework that creates no licensing or pre-clearance requirement, it tasks the National Security Agency, the Cybersecurity and Infrastructure Security Agency CISA , and the National Institute of Standards and Technology with building a classified benchmark that decides which … …

Jun 3, 2026 · Luke James