A security researcher claims Microsoft quietly fixed an Azure Backup for AKS vulnerability after rejecting his report, and blocking a CVE from being issued.
The researcher’s report describes a critical privilege escalation flaw that allowed cluster-admin access from the low-privileged “Backup Contributor” role.
Microsoft disputes the claim, telling BleepingComputer the behavior was expected and that “no product changes were made,” despite the researcher documenting new permission checks and failed exploit attempts after disclosure, suggestive of a silent patch.
Security researcher Justin O’Leary discovered the security flaw this March, and reported it to Microsoft on March 17.
Microsoft Security Response Center (MSRC) rejected the report on April 13, claiming the issue only involved obtaining cluster-admin on a cluster where “the attacker already held administrator access,” a characterization O’Leary says misrepresents the attack entirely.
“This is factually incorrect,” states the researcher.
“The vulnerability allows a user with zero Kubernetes permissions to gain cluster-admin. The attack does not require existing cluster access — it grants it.”
O’Leary further says that Microsoft described the submission to MITRE as “AI-generated content,” something he says did not address the technical merits of the report.
After the rejection, O’Leary escalated the issue to CERT Coordination Center, which independently validated the vulnerability on April 16 and, according to the researcher, assigned it an identifier, VU#284781:
CERT/CC had initially scheduled public disclosure for June 1, 2026, but that disclosure never happened.
On May 4, Microsoft staff reportedly contacted MITRE recommending against CVE assignment, again arguing the issue required pre-existing administrative access:
CERT/CC later closed the case under CNA hierarchy rules, effectively leaving Microsoft (which is a CNA) with final authority over CVE issuance for its own products.
Azure Backup for AKS uses Trusted Access to grant backup extensions cluster-admin privileges inside Kubernetes clusters.
According to O’Leary, the flaw allowed anyone with only the Backup Contributor role on a backup vault to trigger that Trusted Access relationship without already having Kubernetes permissions.
An attacker could enable backup on a target AKS cluster, causing Azure to automatically configure Trusted Access with cluster-admin privileges. From there, an attacker could extract secrets through backup operations or restore malicious workloads into the cluster.
O’Leary classified the issue as a Confused Deputy vulnerability (CWE-441), where Azure RBAC and Kubernetes RBAC trust boundaries interacted in a manner that bypassed expected authorization controls.
BleepingComputer reached out to Microsoft to understand if the tech giant considered this finding to be a valid security vulnerability.
A Microsoft spokesperson told BleepingComputer:
“Our assessment concluded that this is not a security vulnerability, but rather expected behavior that requires pre-existing administrative privileges within the customer’s environment. Therefore, no product changes were made to address this report and no CVE or CVSS score were issued.”
However, following the disclosure of his report this month, O’Leary observed that the original attack path no longer works.
“Current behavior returns errors that did not exist in March 2026,” he states:
ERROR: UserErrorTrustedAccessGatewayReturnedForbidden
“The Trusted Access role binding is missing/has gotten removed”
According to O’Leary, Azure Backup for AKS now requires Trusted Access to be manually configured before backup can be enabled, reversing the earlier behavior where Azure configured it automatically.
He also observed additional permission checks that were absent during his original testing in March. The vault MSI now requires Reader permissions on both the AKS cluster and snapshot resource group, while the AKS cluster MSI requires Contributor permissions on the snapshot resource group.
In other words, the vulnerability appears to have been fixed, but Microsoft has neither issued a public advisory nor notified customers.
Without a CVE or advisory, defenders have little visibility into the exposure window or remediation timeline.
“Organizations that granted Backup Contributor between an unknown start date and May 2026 were exposed to privilege escalation,” writes the researcher.
“Without a CVE, security teams cannot track this exposure. Silent patching protects vendors, not customers.”
The case highlights a structural problem with no easy fix.
Disputes between security researchers and major vendors over severity, exploitability, and disclosure have become common in recent years, especially as vulnerability disclosure programs face increasing volumes of reports.
Some open-source maintainers have also publicly complained that AI-assisted reports are overwhelming bug bounty and security triage systems, making it harder for legitimate findings to receive timely attention. Cases where big tech ignored patching valid flaws despite repeated contact by different researchers are not uncommon either.
Without a framework that realigns incentives for all parties, responsible disclosure risks becoming a bureaucratic exercise that serves no one—least of all the organizations left exposed in the dark.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Public Sector
Are you ready to RAAC?
England’s Department for Education is
advertising a role paying up to £200,000 a year to lead a new digital and
infrastructure group overseeing school buildings and maintenance, as well as technology and data.
Its Director General, Digital and
Infrastructure, will lead the technology function of
around 1,800 staff, develop a new strategy covering digital services, data, and artificial intelligence, and lead work on a unique identifier
for children and other learners in England. Scotland, Wales, and
Northern Ireland run education services on a devolved basis.
The successful candidate will also
implement a new strategy for “the education estate” of schools,
colleges, nurseries, and children’s homes. The job ad warns the function “carries
some of the highest levels of risk and accountability in the
department – including life-and-death decisions on safety,” citing ongoing work to remove unsafe reinforced
autoclaved aerated concrete (RAAC) from schools.
“I am looking for a leader who is
motivated by impact – someone who is able to combine their digital
and data expertise with their drive to improve outcomes for children
and young people,” writes the department’s permanent secretary, Susan Acland-Hood, in a briefing document with the advert. “Whilst
you do not need to be an expert on education policy, you need to be
curious and committed to rapidly building your understanding of the
latest evidence, system, and policy landscape.”
The department is willing to base the
job in Bristol, Cambridge, Coventry, Darlington, London, Manchester,
Nottingham, or Sheffield, although those who do not work in the
capital will need to go there frequently. Applications close on June 1.
Several other departments have
recently advertised digital director-general posts, the civil service
job category just below permanent secretary (equivalent to chief
executive). In January, England’s Department of Health and Social Care
advertised the role of director general for technology, digital and
data with a salary of up to £285,000 a year.
In February, the Ministry of Defence offered £270,000 to £300,000
for its chief digital and information
officer job. And in April, the Department for Science, Innovation and Technology
advertised for three directors-general, one paid £174,000 and the
other two paying between £200,000 and £260,000 annually. ®
There’s nothing wrong with wanting a bargain when you buy a new vehicle. Finding a reasonably-priced car definitely helps ease the pocketbook, especially when everything else just gets more and more expensive. To get the most bang for your buck here, then, you’ll want something from a brand known for making affordable and reliable products, and any list of those brands must include Toyota — after all, it dethroned Subaru as Consumer Reports’ most reliable brand in 2025
Toyota produces several vehicles that won’t break the bank for the 2026 model year, such as the Camry and Prius, which both have starting prices under $30,000. However, if you want the absolute cheapest Toyota, you need to turn to the 2026 Toyota Corolla. Toyota has been producing the Corolla since the mid-1960s, and it’s been a wonderful budget-friendly option for those wanting a compact car from the beginning. As of mid-2026, the Corolla is the tenth best-selling vehicle in the United States for the year, and JD Power ranks it as the most dependable compact car on the market.
The 2026 Toyota Corolla has a starting price of just $23,125 (plus a $1,295 delivery, processing, and handling fee) for the base LE trim. That makes it $1,455 less than the second-cheapest Toyota, the 2026 Corolla Hatchback. While that’s definitely very affordable, going with the cheapest possible Corolla means you’ll be missing out on quite a few options available on higher-priced variants.
There’s a lot that comes standard with even the most basic 2026 Toyota Corolla LE. Maybe most surprisingly, you get treated to a vast array of safety features, like blind spot monitoring, cross-traffic alerts, pedestrian detection, lane tracing assist, and more. You also get to enjoy the conveniences of Apple CarPlay or Android Auto. These may be enough to entice some buyers, but there are some features that the base LE trim simply cannot provide.
One of the sillier ways Toyota can get more money out of you is with what color you want your car to be. The Corolla comes in eight colors, but two of them cost extra. If you want a car that is Ruby Flare Pearl or White Chill Pearl, that’ll cost you an additional $475. You will also have to pay more for your Corolla LE if you want a push-button start, keyless entry, or wireless charging for your devices. Those are all available in a premium package that costs $1,135.
Then there are all the things you have to choose a different, more expensive trim to get. If you want a hybrid powertrain, you’re looking at a starting price of $24,975 (plus the $1,295 fee). Some features, like the upgraded JBL audio system, aren’t even available as an upgrade on the LE and will require a higher-end trim. The Corolla LE doesn’t even offer variable speeds for your intermittent windshield wipers. You do get a lot for a low price with the 2026 Toyota Corolla LE, but you can’t get everything.
When you visit certain large sites in Firefox or Safari, the browser may detect your visit and change its behavior. It could be as simple as lying about its identity, or it may totally change how it renders the page. But according to a post by [Den Odel], this isn’t a conspiracy between browsers and big Internet — rather, it is a byproduct of Chrome’s dominance.
Here’s how it goes. Chrome puts out a new feature and everyone rushes to implement it on their site. Maybe the new code breaks other browsers. Maybe the other browser supports the feature, but the website doesn’t detect it correctly or is unaware. Maybe it just relies on some quirk of Chrome. Regardless, Firefox and Safari will change to match the site rather than mess up the user’s experience.
If you want to check it out, Firefox will show you what it does and let you disable specific fixes if you visit the about:compat URL. For Safari, you’ll have to read code from a file named quirks. Bugzilla tracks the fixes for Firefox, if you want more details.
Browsers are huge and complex so even niche browsers, today, usually use one of a handful of rendering engines. It seems that the question isn’t if a big company should control the way the web works. It is more a question of which one is currently dominating.
If you’ve ever accidentally grabbed the diesel fuel nozzle at the gas pump, then you know just how scary of a moment it can be. Though the nozzle itself likely won’t fit the filler neck on your vehicle, it doesn’t stop you from panicking a bit at the thought of getting diesel into your gas engine. That’s exactly what happened to some drivers in East El Paso, but it was through no fault of their own.
The incident took place in early May 2026 at a Circle K station in El Paso, Texas. Drivers began reporting problems with their vehicles after fueling up, and it was discovered that a third-party delivery caused diesel fuel to accidentally be pumped into a gasoline storage tank. Customer complaints included everything from stalling engines, to loss of power, and in some cases, failure to start altogether. Some customers even needed vehicle repairs, which took place after mechanics identified the issue as fuel contamination.
The company said only the premium and mid-grade tanks were affected, and sales of those fuels were stopped after the issue was discovered. Following this move, the contaminated tank was emptied, cleaned, and refilled with gasoline. Testing later confirmed that the problem was corrected, and normal business has resumed at the location. As of this writing, Circle K is still reviewing and processing customer claims related to the incident.
The reason diesel fuel negatively impacts a gas engine has to do with a number of factors, beginning with how each system is designed to work. Diesel fuel is visibly thicker than gas, less combustible, and meant for use in compression-ignition engines. This means that diesel cannot properly ignite in a gasoline engine. What’s more, it can also clog both fuel filters and injectors, which can wreak havoc on normal fuel delivery. If enough diesel fuel gets into a gasoline engine, serious damage can occur.
Similarly, when gasoline goes into a diesel engine, it causes havoc as well. Gasoline is thinner, more combustible, and is designed for spark-ignition gas engines. Because of this, predictably, gas won’t properly ignite in a diesel engine, causing the engine to run rough, produce excessive smoke, lose power, or struggle to start up. In this case, fuel injectors, fuel lines, and other components, can be affected, which could lead to severe damage to the engine.
For drivers that suspect they have the wrong fuel in their engine, whether diesel or gas, the best move is to not start it. Starting up, and especially driving, can contaminate the fuel system, and eventually, the rest of the engine. A local mechanic should be contacted next, to determine the best course of action. The vehicle may need to be towed in for service, where the problem can be addressed as soon as possible.
During the Trinity nuclear test on July 16, 1945, in the New Mexico desert—the world’s very first test of an atomic bomb—a new material spontaneously formed. It was discovered only recently, by an international research team coordinated by geologist Luca Bindi at the University of Florence, which identified the novel clathrate based on calcium, copper, and silicon. It’s a material never before observed either in nature or as an artificial compound created in the laboratory.
The term “clathrates” denotes materials characterized by a “cage-like” structure that traps other atoms and molecules inside, giving them unique properties. Of great technological interest, these materials are being studied for various applications ranging from energy conversion (as thermoelectric materials capable of transforming heat into electricity) to the development of new semiconductors, to gas storage and hydrogen for future energy technologies.
To discover the new material, researchers focused on trinitite, a silicate glass containing rare metallic phases. Using some techniques like x-ray diffraction, the team was able to identify a type I clathrate based on calcium, copper, and silicon within a tiny copper-rich metal droplet embedded in a sample of red trinitite.
The new material, the researchers say, formed spontaneously during a nuclear explosion. This indicates that the extreme conditions, such as extremely high temperatures and pressures, can generate new materials that are impossible to obtain by traditional methods.
The discovery is even more interesting because in the same detonation event another very rare material was formed: a silicon-rich quasicrystal, already documented by the team of experts led by Bindi a few years ago.
A quasicrystal, as Bindi told WIRED at the time, is something that is not a crystal, but looks a lot like one. “Their peculiarity,” he said, “is that the atomic arrangement that is not periodic, but nearly so, creates incredible symmetries from which derive amazing physical properties, among other things, very difficult to predict.”
Establishing the link between these structures therefore helps scientists better understand how atoms organize under extreme conditions and expand the possibilities for designing new materials. “Events such as nuclear explosions, lightning strikes, or meteoritic impacts function as true natural laboratories,” the researchers explain. “They allow us to observe forms of matter that we cannot easily reproduce in the laboratory.”
In essence, this research opens new vistas for the development of innovative technologies, demonstrating that even destructive events can bequeath discoveries useful for the future.
This story originally appeared in WIRED Italia and has been translated from Italian.
Although Windows CE doesn’t use the NT kernel, it’s similarly designed to run on a wide variety of system architectures. Since the Nintendo 64 uses a MIPS CPU it should basically just run either kernel. You might assume that the N64’s rather limited specs are a bit of a problem, but fortunately Windows CE is designed to run on a digital potato, and requires only a MB of RAM. Since that just so happens to be what the N64 has under the hood, [Throaty Mumbo] was optimistic about getting Windows CE running on the 1990s game console.
The idea for this project came when [Throaty] was tinkering with an IBM Workpad Z50 laptop that uses almost the same CPU as the N64 and also runs Windows CE. Although said laptop is probably a lot more practical of a platform to run Windows on, this didn’t mean that it wouldn’t be a fun challenge.
Since CE was intended to be customized by companies for their own embedded hardware this means that you can use an official SDK, such as Microsoft Windows CE 2.11 Platform Builder. Making Windows CE 2.11 run on an N64 thus involves creating a board-specific configuration and compile that against said SDK.
If you want to give it a shot yourself, the entire project is available on GitHub which is where you find most of the technical details as well. When using a flash cart such as the EverDrive, you can also put applications on the SD card and run them from within the Windows GUI. You’ll still be limited by the N64 hardware, but otherwise the experience is very smooth as the video below demonstrates.
Looking for the most recent Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections: Sports Edition and Strands puzzles.
I thought today’s NYT Connections puzzle was pretty tricky. Read on for clues and today’s Connections answers.
The Times has a Connections Bot like the one for Wordle. Go there after you play to receive a numeric score and to have the program analyze your answers. Players who are registered with the Times Games section can now nerd out by following their progress, including the number of puzzles completed, win rate, number of times they nabbed a perfect score and their win streak.
Read more: Hints, Tips and Strategies to Help You Win at NYT Connections Every Time
Here are four hints for the groupings in today’s Connections puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.
Yellow group hint: It may convey fluids or other materials.
Green group hint: What a con artist does.
Blue group hint: Earl Grey, hot.
Purple group hint: Place for education.
Yellow group: Conduit.
Green group: Swindle.
Blue group: Tea-making verbs.
Purple group: “School” modifiers.
Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words
The completed NYT Connections puzzle for May 17, 2026.
The theme is conduit. The four answers are duct, line, main and pipe.
The theme is swindle. The four answers are fleece, hose, squeeze and stiff.
The theme is tea-making verbs. The four answers are boil, pour, steep and strain.
The theme is “school” modifiers. The four answers are grade, grammar, high and primary.
We’ve made a note of some of the toughest Connections puzzles so far. Maybe they’ll help you see patterns in future puzzles.
#5: Included “things you can set,” such as mood, record, table and volleyball.
#4: Included “one in a dozen,” such as egg, juror, month and rose.
#3: Included “streets on screen,” such as Elm, Fear, Jump and Sesame.
#2: Included “power ___” such as nap, plant, Ranger and trip.
#1: Included “things that can run,” such as candidate, faucet, mascara and nose.
Gardyn Home 4.0 (read my full review here) was one of the easiest indoor gardens to assemble set up out of the box; it also yielded the most dramatic success of any of the brands I tried. Flowers, kohlrabi, thyme, and even a whole cauliflower all thrived in this pipe-based system with the lights in front to allow for taller plant growth.
Seeds arrive in proprietary pods called yCubes. Part of what makes the Gardyn foolproof is the subscription app add-on, “Kelby,” which monitors your plants via attached sensors and cameras. It delivers customized watering and lighting schedules, as well as maintenance suggestions via AI (which an anonymous source told me is basically OpenAI’s ChatGPT with an overlaid prompt). This subscription adds an additional $259 a year to the base purchase price, though it includes a certain number of credits per month, depending on whether you have the Home or Studio model, with which to buy new yCubes. There’s a free 30-day trial for Kelby, but you can use the Gardyn without it by relying on manual light and watering controls. Also, there have been some recent privacy concerns with Kelby (more below).
Each Gardyn purchase comes with your choice of yCube sets: “Salad Lover,” “Budding Florist,” or “Chef Faves.” I’ve tried both “Budding Florist” and “Chef Faves,” and my favorite is the latter; it has an interesting variety of everything from breen and Tokyo bekana greens to Thai basil and miniature sunflowers. Though Gardyn recommends starting the yCubes in the company’s add-on $80 nursery, I’ve germinated plenty of yCubes right in the system just fine. (Make sure you don’t add nutrients until they sprout. If you’re germinating yCubes later on, when nutrients are already in the system, you can just use a shallow bowl with loosely tented plastic wrap.) The seeds arrive tucked in mineral wool, snug in their little yCubes that slot into larger cups (“yPods”) that fit into the pipes. When the Gardyn waters the plants, the yPods fill with nutrient-infused water, and the plants’ roots grow right into the water.
Once a month, the base needs to be emptied and scrubbed. Every few weeks, the roots need to be checked for root rot and growth outside the yPod, examined for whether it’s time to prune, and/or tucked back in if they’ve wandered too far. This maintenance is admittedly a bit laborious, and if you do not do it consistently, you will be very sorry when it’s time to clean the Gardyn and prepare it for its next planting. (Ask me how I know!)
I now have two Gardyns, a Home 4 and a Studio 2, which features an upgraded camera and columns. Aside from some funky yCubes (which the company will replace upon request), I have no major complaints about the system. Though I will note that the plants in the Studio have been overall less lush due to the Studio’s having one light bar rather than two, which is why my primary recommendations remains the Home. I also like that Gardyn offers a Vacation Mode, which adjusts the lighting and watering to slow growth and minimize maintenance tasks while you’re away.
NOTE: On February 24, 2026, and April 2, 2026, the US Cybersecurity and Infrastructure Security Agency (CISA) released advisories regarding vulnerabilities in Gardyn Home and Studio devices. These security weaknesses could have allowed someone to take remote control of a Gardyn device, access plant photos, and obtain personal information such as names, addresses, phone numbers, and email addresses. Gardyn claims these vulnerabilities have been remediated with the most recent firmware update, and advises customers to ensure their Gardyns are internet-connected and running firmware version 619 or later. If you think your device may have been compromised, email [email protected] or call 844-4-GARDYN. For more information, see Gardyn’s Security update for Gardyn Home and Gardyn Studio.
| Light Cycle | 14 to 16 hours |
| Pump Cycle | 5 minutes, 3 times a day (varies with Kelby) |
| Spots for Plants | 16 (Studio) or 30 (Home) |
| Nutrients Included | 7-inch-tall bottle of 7-3-11 plant food (plenty for one cycle) |
| Plants to Choose From | 100+ |
| Maintenance Needs | (Varies with Kelby.) Clean tank and replace water with new nutrients every four weeks, check and reroute roots every three or so weeks, top off tank with water and nutrients as needed. |
| Ease of Resetting After Each Planting (Out of 10) | 2/10 (each column section and yPod will need to be scrubbed; if you fail to check and reroute roots every two weeks, this could lower to a 1/10) |
| Can You Grow Your Own? | Yes; Gardyn sells yCubes for your own seeds for $5 each. (Or you can just get creative.) |
| Dimensions | Approx. 24″ H x 16″ W x 7″ D |
| Power Consumption | 40 watts |
| Warranty | 2 years |
| How was test unit obtained? | Press sample from company |
| Where is it now? | Still in long-term testing |
While the idea is appealing, I have never fully enjoyed using the speech-to-text feature for voice typing. I understand why it exists, and I have used it in a pinch. But it has always felt like one of those phone features that works just enough times to be useful, and not often enough to be conveniently reliable.
It’s not just about speaking clearly; the problem is a bit more subtle. You have to avoid doubling back mid-sentence, or you have to pretend your brain naturally produces clean text messages in one smooth pass. And since mine does not, I’m looking forward to Google’s new Rambler feature for Gboard. It’s a part of the Gemini Intelligence on Android, but what has my attention is how it works.
Rambler turns natural spoken thoughts into concise text. Google says that it can deal with the way people actually speak, including self-corrections, repeated words, and filler sounds like “ums,” “ahs,” and “likes.” This might sound boring until you think about how often typing is the slowest part of using a phone.
Modern smartphones now sport near 7-inch displays that are fantastic for watching, reading, and gaming. But typing on them or using them with one hand is still annoying. And with the screen getting taller, there’s an awkward reaching game to hit the letters at the far side of a wider keyboard. Trying to reply while walking, carrying a bag, sitting in a cab, or holding coffee usually means typos, shorter replies, or waiting until both hands are free.
Voice typing should have been the obvious fix. The problem is that raw speech-to-text often gives you exactly what you said, and people don’t speak in rigid sentence structures. Real speech has pauses, restarts, half-formed thoughts, and random corrections. A voice note can carry that chaos because tone helps. A text message cannot.
Rambler’s solution is simple. Google is letting you talk how you’d normally do in a conversation or voice note. But rather than getting the exact wording and focusing on accuracy, Rambler will pick out the important parts and fit them into a message that still sounds like you.
The great part about being bilingual is how two different languages blend during natural speech. So it was great to hear that multilingual support is available right from the get-go. Google says Rambler can switch between languages in a single message using Gemini’s multilingual model, including examples like English mixed with Hindi. A lot of people, like myself, do not text in one language alone.
We switch depending on the person, the mood, or the context. Standard voice typing can struggle when a sentence naturally moves between languages. It might get the words right, though it skips the rhythm. If Rambler can actually preserve that mixed-language flow while cleaning up the clutter, it becomes far more practical than a generic “make this sound professional” AI button.
I am not convinced this becomes a daily habit for everyone. A lot of people already type fast enough. Some prefer voice notes. Others may not want to talk to their phone in public, no matter how smart the transcription gets. There is also a privacy comfort test. The company claims that it will show when Rambler is enabled, and that audio is only used to transcribe in real time and is not stored or saved. Still, it has to prove that it is fast and low-effort to really stick around. But at least, Google is promising that you don’t have to think twice before speaking or make perfect sentences.
Computer Weekly reports on “the long-awaited reform of Britain’s outdated Computer Misuse Act of 1990 — which has hamstrung the work of the nation’s cyber security professionals and researchers for years.”
The Computer Misuse Act was passed 35 years ago in response to a high-profile hacking incident involving no less than the King’s father, the late Duke of Edinburgh. It defined the offence of unauthorised access to a computer — which has been used successfully in countless cyber crime prosecutions over the years. However, as the cyber security landscape has developed into its current form, this language has become increasingly vague and for some years now, a growing number of bona fide security professionals have been arguing that it potentially criminalises their work because from time to time, they may need to gain covert access to IT systems in the course of legitimate research.
Speaking to Computer Weekly in 2025, Belfast-based security consultant Simon Whittaker described how the police showed up at his front door after his research was erroneously implicated in the infamous WannaCry incident of 2017… Sabeen Malik, vice-president for global government affairs and public policy at Rapid7, added: “As AI-driven vulnerability discovery scales, defenders need to run automated scanning, agentic red-teaming, and large-scale vuln research at machine speed — activities the 1990 Computer Misuse Act’s broad unauthorised-access provisions were never designed to accommodate, leaving UK researchers exposed to criminal risk for work their adversaries face no equivalent friction performing.”
The reforms are part of a new bill that’s “enhancing the powers available to law enforcement and the security services,” according to the article. It points out that the U.K. government also intends “to create a Cyber Crime Risk Order that can be applied to control the behaviour of cyber criminals, and new abilities to search people believed to be concealing evidence on behalf of suspected offenders.”
It’s all part of a proposed bill “designed to make the UK a harder target for hostile foreign states and other dangerous groups to attack.”
BloFin War of Whales 2026 Grand Prix opens registration for $5M trading championship
Weekend Open Thread: Theory – Corporette.com
E-Estate Announces 1 Year Live: Washington DC Summit as Real Estate Tokenization Enters Its Next Phase
Coffee Break: Travel Steam Iron
What to Know Before Buying a Curling Wand or Curling Iron
What to expect when you’re expecting a budget
Tech Moves: Microsoft AI leader jumps to OpenAI; former AI2 exec joins Meta; and more
GM Agrees To Pay $12.75 Million To Settle California Lawsuit Over Misuse Of Customers’ Driving Data
Bitcoin Suisse expands with Digital Asset License and Investment Business Act Registration Approval in Bermuda
GM agrees to $12.75M California settlement over sale of drivers’ data
Pakistan to enter Chinese capital market as war inflation bites
Bitcoin Suisse expands with Digital Asset License and Investment Business Act Registration Approval in Bermuda
Google’s Gemini AI Predicts Incredible Solana Price by the End of 2026
H&R Real Estate Investment Trust (HR.UN:CA) Q1 2026 Earnings Call Transcript
Google reimburses Register sources who were victims of API fraud
Prime Video’s Forgotten but Brilliant 2-Part Horror Anthology Is a Perfect Binge
‘Rivals’ Season 2 Is Bigger, Better, and Raunchier Than Ever
University of Michigan’s $20M early OpenAI investment now worth $2B as Musk trial documents reveal endowment bet
Over-Engineered Cardboard PC Case Houses a Full Computer Without Compromising Style or Performance
The Best-Kept Makeup Secret for a More Defined Face
You must be logged in to post a comment Login