Microsoft released mitigations for YellowKey, a BitLocker bypass tracked as CVE-2026-45585.

The flaw can let attackers with physical access access encrypted data via WinRE.

Mitigations include switching TPM-only BitLocker to TPM+PIN and removing autofstx.exe from WinRE BootExecute.

Russia turns to Huawei's Chinese chips for AI development

Reports indicate that Russia is seeking to use advanced AI accelerators from Huawei to develop the AI model "GigaChat"; these chips have been developed by China as competitors to NVIDIA products.

7-Eleven confirms data breach claimed by the ShinyHunters gang.

Microsoft blames undismissible Teams location prompts on macOS update.

New Shai-Hulud malware wave compromises 600 npm packages.

Discord rolls out end-to-end encryption on voice, video calls.

CVE-2025-54539: Apache ActiveMQ NMS AMQP Deserialization Policy Bypass to RCE.

GhostTree: Unveiling Path Manipulation Techniques to Bypass Windows Security.

Android Malware Spotted Subscribing Victims to Paid Services Without Consent.

Microsoft warns two Defender vulnerabilities are being actively exploited in the wild.

CVE-2026-41091 could allow attackers to gain SYSTEM privileges locally.
CVE-2026-45498 is a denial-of-service flaw impacting Defender.

Showboat Linux malware targets Middle East telecom.