Reducing IAM Attack Surface with IVIP Platforms

🟡 Medium | Source: The Hacker News

Modern enterprise identity and access management (IAM) is increasingly fragmented across applications, machine identities, and decentralised teams, creating blind spots known as ‘Identity Dark Matter’ — activity that falls outside centralised IAM controls. Identity Visibility and Intelligence Platforms (IVIP) are emerging as a way to consolidate this visibility and reduce the exploitable attack surface. This matters because unmanaged identities are a primary vector for privilege abuse and lateral movement in cloud environments. ...

3 June 2026 · ZX Cloud Security

AI Cracks Medieval Ciphers: Lessons for Modern Crypto

🟢 Low | Source: Schneier on Security

Researchers are applying machine learning techniques to crack historical hand-written ciphers used in medieval correspondence, including diplomatic and personal communications. While academically fascinating, this work demonstrates that AI can systematically analyse and break pattern-based encryption schemes that were previously considered too obscure to decode at scale. It highlights the broader capability of AI to accelerate cryptanalysis against weak or legacy cipher designs.

Architect’s Take: No immediate action is required, but this research serves as a timely reminder to audit any legacy or proprietary encryption schemes in your environment — AI-assisted cryptanalysis lowers the bar for breaking non-standard ciphers. Ensure all sensitive data at rest and in transit is protected by modern, well-vetted standards such as AES-256 and TLS 1.3, and avoid reliance on security through obscurity. ...

3 June 2026 · ZX Cloud Security

AI Decrypts Medieval Ciphers: Crypto Lessons

🟢 Low | Source: Schneier on Security

Researchers are applying machine learning techniques to decode historical hand-written ciphers used in medieval correspondence, including diplomatic and personal communications. Whilst not a direct cybersecurity threat, it demonstrates AI’s growing capability to break encryption schemes that were previously considered uncrackable. This has broader implications for understanding how AI might be applied to attack legacy or weak cryptographic implementations.

Architect’s Take: No immediate action required, but treat this as a signal to audit any legacy or non-standard encryption schemes in your environment — if AI can crack medieval ciphers, weak or deprecated algorithms (e.g. DES, MD5, RC4) are increasingly at risk. Ensure your cryptographic inventory is up to date and aligned with current NCSC guidance. ...

3 June 2026 · ZX Cloud Security

UK Banks Excluded from Anthropic Glasswing AI Programme

🟢 Low | Source: The Register — Security

Anthropic has expanded its Glasswing partner programme fourfold, inducting 150 new organisations including the first non-US members, while UK banks have notably been excluded from the initiative. In parallel, OpenAI is offering UK financial institutions access to GPT-5.5, highlighting a competitive dynamic in AI partnerships within the regulated financial sector. The exclusion raises questions around data sovereignty, regulatory compliance, and which AI vendors UK-regulated entities can practically partner with. ...

3 June 2026 · ZX Cloud Security

UK Banks Snubbed by Anthropic Glasswing, Offered OpenAI GPT-

🟢 Low | Source: The Register — Security

Anthropic has expanded its Glasswing partner programme fourfold, inducting 150 new organisations including the first non-US members, while UK banks have notably been excluded. OpenAI has moved to fill the gap by offering UK financial institutions access to GPT-5.5. The development highlights growing competitive dynamics in enterprise AI access and raises questions about supply chain concentration risk for financial sector security teams.

Architect’s Take: Cloud security architects in UK financial services should assess the security posture, data residency commitments, and compliance certifications of any AI provider they are offered as an alternative — do not treat OpenAI’s GPT-5.5 access as a like-for-like replacement for Anthropic without conducting due diligence on API security controls, data handling agreements, and regulatory alignment with FCA/PRA expectations. ...

3 June 2026 · ZX Cloud Security

Windows Search URI Flaw Leaks NTLMv2 Hashes – Unpatched

🟠 High | Source: The Hacker News

An unpatched vulnerability in Windows’ ‘search:’ URI handler can be exploited to leak a user’s NTLMv2 credential hash to an attacker, similar to a recently disclosed flaw in the Windows Snipping Tool (CVE-2026-33829). NTLMv2 hashes can be cracked offline or used in relay attacks to authenticate as the victim. The vulnerability remains unpatched, making it an active risk for any Windows environment, including cloud-connected hybrid setups. ...

3 June 2026 · ZX Cloud Security

CVE-2025-60876: BusyBox wget Header Injection Flaw

🟠 High | Source: Microsoft Security Response Center

A vulnerability in BusyBox wget versions up to 1.3.7 allows attackers to inject arbitrary HTTP headers by embedding carriage return, line feed, or other control characters into the URL path or query string — a technique known as HTTP response splitting or header injection. This can enable request smuggling, session hijacking, or cache poisoning depending on the backend infrastructure. Any Azure or cloud workload using an affected BusyBox version to make outbound HTTP requests may be at risk. ...

3 June 2026 · ZX Cloud Security

CVE-2026-25541: Integer Overflow in Rust BytesMut

🟠 High | Source: Microsoft Security Response Center

CVE-2026-25541 is an integer overflow vulnerability in the Rust ‘bytes’ crate, specifically within the BytesMut::reserve function. Integer overflows in memory management libraries can lead to heap buffer overflows, potentially enabling arbitrary memory corruption or remote code execution. This is particularly significant given the widespread use of the ‘bytes’ crate across cloud-native Rust applications and frameworks such as Tokio.

Architect’s Take: Audit your Rust-based services and container images for dependency on the ‘bytes’ crate and update to a patched version immediately. Pay particular attention to any Azure-hosted workloads or pipelines that process untrusted input, as memory corruption vulnerabilities of this class can be exploited to achieve code execution. ...

3 June 2026 · ZX Cloud Security

CVE-2025-29923: go-redis Out-of-Order Response Flaw

🟡 Medium | Source: Microsoft Security Response Center

CVE-2025-29923 affects go-redis, a popular Go client library for Redis, where a timeout during the CLIENT SETINFO command at connection establishment can cause responses to be returned out of order. This race condition can result in a client receiving incorrect data, potentially leading to data corruption or unintended application behaviour. Applications using go-redis in Azure or other cloud environments that rely on connection pooling may be silently affected. ...

3 June 2026 · ZX Cloud Security

CVE-2024-7598: Azure Kubernetes Network Bypass Flaw

🟠 High | Source: Microsoft Security Response Center

CVE-2024-7598 is a race condition vulnerability in Kubernetes namespace termination that can allow an attacker to bypass network restrictions within Azure-hosted clusters. During the brief window when a namespace is being deleted, network policies may not be correctly enforced, potentially permitting unauthorised traffic between pods or services. This matters because it could allow lateral movement or data exfiltration in multi-tenant or segmented environments. ...

3 June 2026 · ZX Cloud Security