iOS 26.5 Brings Default End-to-End Encrypted RCS Messaging Between iPhone and Android

Apple on Monday officially released iOS 26.5 with support for end-to-end encryption E2EE to Rich Communication Services RCS in beta as part of a "cross-industry effort" to replace traditional SMS with a more secure alternative. To that end, E2EE RCS messaging is rolling out to iPhone users runnin...

Investing in the people shaping open source and securing the future together

Open source has always been about community. It's about maintainers who review pull requests late at night. Volunteers who respond to security reports from strangers. And communities that quietly power the world's software. The reality behind the commits is that maintainers get stretched thin. Th...

Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

Technologies are evolving fast, reshaping economies, governance, and daily life. Yet, as innovation accelerates, so do digital risks. Technological change is no longer abstract for such a country as Lithuania, as well. From e-signatures to digital health records, the country depends on secure...

Extortion and ransomware drive over half of cyberattacks

In 80% of the cyber incidents Microsoft’s security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Defense Report, written with our Chief Information Security Officer Igor...

Measuring the Attack/Defense Balance

"Who's winning on the internet, the attackers or the defenders?" I'm asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain's latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all...

Anonymity-Washing

Anonymization is a foundational principle of data privacy regulation, yet its practical application remains riddled with ambiguity and inconsistency. This paper introduces the concept of anonymity-washing -- the misrepresentation of the anonymity level of sanitized'' personal data -- as a critica...

ThreMoLIA: Threat Modeling of Large Language Model-Integrated Applications

Large Language Models LLMs are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications LIA expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to...

New whitepaper outlines the taxonomy of failure modes in AI agents

We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind. The taxonomy continues Microsoft AI Red Team's work to lead the creation of systematizati...

Navigating Choppy Waters: Top Security Predictions from Rapid7's 2025 Webinar

It's that time of year again — one year is ending and another is set to begin.. And what a year it's been for the security community! The sheer scale of incidents has left SecOps teams breathless, so thinking about what could be in store next year can be overwhelming. But there's no need to panic...

Google and Apple cooperate to address unwanted tracking

Google and Apple have announced that they are looking for input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking. Samsung, Tile, Chipolo, eufy Security, and Pebblebee have stated that they will support the...

New research, tooling, and partnerships for more secure AI and machine learning

Today we’re on the verge of a monumental shift in the technology landscape that will forever change the security community. AI and machine learning may embody the most consequential technology advances of our lifetime, bringing huge opportunities to build, discover, and create a better world. Bra...

Best practices for AI security risk management

Today, we are releasing an AI security risk assessment framework as a step to empower organizations to reliably audit, track, and improve the security of the AI systems. In addition, we are providing new updates to Counterfit, our open-source tool to simplify assessing the security posture of AI...

A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Earlier this year, I reached out to Check Point researcher Eyal Itkin, who had published multiple flaws in several Remote Desktop Protocol RDP clients, including a vulnerability in mstsc.exe, the built-in RDP client application in Windows. While there were no active exploits detected in the wild,...

Let’s Continue the Skills Gap Conversation

Most analysis is that the cybersecurity skills gap or shortage is getting worse. ESG reported in CSOOnline that 2018 had the highest levels, at 51%, where organizations "claimed their organization had a problematic shortage of cybersecurity skills." It’s a complex problem, but I believe with...

The Cybersecurity Tech Accord: Time to Come Together to Combat Digital Threats

At Trend Micro we’re committed to making the world a safer place in which to exchange digital information. In fact, we’ve been protecting our customers from the ever-evolving threat landscape for nearly 30 years. But we know we can and must do more as an industry to combat the challenges we face...

The WireX Botnet: An example of cross-organizational cooperation

Introduction On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises...

Experts Converge at RFIDsec to Discuss NFC Security Implications

RFID security problems have been biting at the ankles of users and companies that deploy the technology for several years now, but they’ve been mostly on the fringes of mainstream security concerns. But now, as the technology becomes more widespread and pervasive, that is beginning to change...

97% of Cyber Crimes in Gurgaon Go Unreported, Say Police

Police in India report that 97 percent of cyber crimes remain unreported in Gurgaon, a city less than 20 miles from New Delhi. Industry representatives are now collaborating with law enforcement to tackle this issue, according to Times of India. Last week, the IT and business process outsourcing...