Information

AI security and governance startup Geordie today announced raising $30 million in a Series A funding round that brings the total raised by the company to $36.5 million. Founded in early 2025, London-based Geordie has built a platform that helps organizations secure and govern AI agents deployed across their environments, at scale. As organizations are increasingly relying on AI agents to automate operations at scale, they also require visibility, governance, and operational control to deploy…

Artificial intelligence is “an unstoppable force” that is being weaponized in ways that fall just short of traditional warfare, Britain’s cyberspying chief warned Wednesday. Anne Keast-Butler, director of the communications intelligence agency GCHQ, also said Britain and its allies are in “a space between peace and war” as Russia increases its “daily hybrid activity” against the West — even as Russian combat deaths in Ukraine approach 500,000. She said the West risks losing the conflict…

Securing software-as-a-service (SaaS) apps is hard. The standard cybersecurity controls are not designed for SaaS. The difficulty is the software doesn’t belong to the user and usually runs on somebody else’s infrastructure. Standard cybersecurity products are designed to operate on software owned by the user and housed on the users’ infrastructure. SaaS providers attempt to maintain security inside their apps, but they cannot control how they are used. Usage varies from user to user and…

A vulnerability patched a few months ago in the Ghost content management system (CMS) has been exploited to hack hundreds of websites, including ones belonging to major organizations, according to Chinese cybersecurity company Qianxin. The exploited vulnerability is tracked as CVE-2026-26980 and its existence came to light in February when it was patched. Ghost is a widely used open source CMS designed specifically for blogging, newsletters, and publishing, offering built-in tools for memberships, subscriptions, and…

Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Dubbed Underminr, the issue is a variant of domain fronting, a now-mitigated type of attack that enabled threat actors to place an allowed domain in the SNI and TLS certificate validation fields of an HTTPS request, while embedding a different target domain in the TLS tunnel’s encrypted HTTP host header. Because CDNs routed requests internally based…

Drupal is warning users that it’s already seeing attempts to exploit CVE-2026-9082, the highly critical vulnerability patched this week. The vulnerability affects an API designed to ensure that database queries are sanitized to prevent SQL injection. “A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL databases,” Drupal explains.  The flaw can be exploited by unauthenticated attackers to obtain information and in some…