Get started with Elastic Security from your AI agent
Go from zero to a fully populated Elastic Security environment without leaving your IDE, using open source Agent Skills.
General
20 articles
Standing up for the open Internet: why we appealed Italy’s "Piracy Shield" fine
Cloudflare is appealing a €14 million fine from Italian regulators over "Piracy Shield," a system that forces providers to block content without oversight. W...
Free parking in Russia after Distributed Denial-of-Service attack knocks city’s parking system offline
Drivers in the Russian city of Perm have been enjoying an unexpected bonus this week: free parking. Not because the city council suddenly decided to embrace ...
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration. The post New Microsoft Purview innovat...
16th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 16th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES United St...
Security Flaw in AWS Bedrock Code Interpreter Raises Alarms
DNS-based attack in AWS Bedrock AgentCore lets AI sandboxes exfiltrate cloud data
UK: Companies House Web Glitch Exposes Corporate Details to Fraudsters
An issue with the Companies House website has put the personal and corporate information of millions at risk
Possible New Result in Quantum Factorization
I’m skeptical about—and not qualified to review—this new result in factorization with a quantum computer, but if it’s true it’s a theoretical improvement in ...
The AI Doomsday Clock: When AI Becomes a Business Dependency, Not a Tool
Most conversations about AI in business start with the wrong question of “Can AI do the job?” It is entirely the wrong place to start.
Deploy AWS applications and access AWS accounts across multiple Regions with IAM Identity Center
If your organization relies on AWS IAM Identity Center for workforce access, you can now extend that access across multiple AWS Regions with multi-Region rep...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m giving the Ross Anderson Lecture at the University of Cambridge’s Churchill College at ...
From legacy architecture to Cloudflare One
Learn how Cloudflare and CDW de-risk SASE migrations with a blueprint that treats legacy debt as an application modernization project.
Face value: What it takes to fool facial recognition
ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he'll demo it all at RSAC 2026
Managing Elastic Security Detection Rules with Terraform
Learn to define and deploy Elastic Security detection rules and exceptions using the Elastic Stack Terraform Provider vs detection-rules repository DaC capab...
How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS
As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their s...
Cyber fallout from the Iran war: What to have on your radar
The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses.
The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a cap...
Introducing Hacktics and Telemetry, a Podcast from Rapid7 Labs
If you spend your days building, shipping, defending, or fixing systems, you already know how this goes. A new technique shows up in a research thread, someo...
Your Signal account is safe – unless you fall for this trick
Signal, the encrypted messaging app trusted by security-savvy users around the world, has confirmed that hackers have managed to takeover accounts - with gov...
Trane Tracer SC, Tracer SC+, and Tracer Concierge
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, execute arbitrary commands, or ...