Big Tech
Big Tech analyzes decisions by major platforms and their impact on security, privacy, infrastructure and the market. The cluster connects product announcements, strategic changes and technical consequences for users and businesses.
Microsoft Backtracks on Legal Threats Against Zero-Day Researcher Following Industry Backlash
Microsoft threatened criminal action against researcher Nightmare-Eclipse over six Defender zero-days, partially retracting its stance…
Edge Tab-Splitting and Invisible Phishing: The Pwn2Own Flaw
CVE-2026-45494: A Universal XSS in Microsoft Edge discovered by Orange Tsai leverages tab-splitting to mask malicious URLs. Update to…
Microsoft Retracts Legal Threats Against Researchers Following Zero-Day Disclosure Backlash
Microsoft threatened criminal prosecution against researcher Nightmare-Eclipse for publishing six Windows zero-days before walking bac…
Microsoft Patched This Pwn2Own Edge RCE Weeks Ago—But the Disclosure Gap Leaves Enterprises Exposed
CVE-2026-45495: A directory traversal vulnerability in Microsoft Edge feedback logs enables remote code execution. While Microsoft rel…
Edge Vulnerability CVE-2026-45492: Origin Validation Error Bypasses Windows VBS
A flaw in Microsoft Edge’s cross-device sign-in mechanism, tracked as CVE-2026-45492, allows attackers to bypass Windows Virtualizatio…
Google Gemini Hijacked via Messaging Notifications: The 'Dual Illusion' Attack
SafeBreach researchers have demonstrated how the Google Gemini voice assistant on Android can be hijacked through indirect prompt inje…
Microsoft Refuses to Patch Windows Search URI Flaw Enabling NTLM Hash Theft
Huntress has disclosed an unpatched vulnerability in the Windows search: URI handler that allows attackers to steal NTLMv2 hashes via…
Cybanetix Launches Managed AI Service: AI-Native MDR Powered by Four-Vendor Stack
Cybanetix has unveiled its Managed AI Service, integrating NOMA, SentinelOne, Microsoft, and Exabeam under a unified 24/7 SOC with a s…
Microsoft Patched a Critical SharePoint RCE but Omitted the CVE from Official Documentation
CVE-2026-45659, a CVSS 8.8 SharePoint Server RCE, was missing from Microsoft’s May 2026 security update list. While the patch was dist…
Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking
Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…
Chrome 148: Google Patches 151 Vulnerabilities, Including 22 Critical Flaws
Google has released Chrome 148, addressing 151 security vulnerabilities with 22 rated at maximum criticality. The update includes over…
Apple macOS USD Library Flaw Enables Information Disclosure and Exploit Chaining
A vulnerability in the macOS Universal Scene Description (USD) library (ZDI-26-315) allows for out-of-bounds reads and potential code…