Best of Cybersecurity, January 2026

  1. Article
    IEEE Spectrum · 12w

    AI Code Transforms C to Rust for Safer Software

    The Great Refactor initiative aims to use AI-powered tools to automatically convert 100 million lines of vulnerable C/C++ code in critical open-source libraries into memory-safe Rust by 2030. Memory safety issues account for roughly 70% of software vulnerabilities, and while manual conversion requires thousands of hours, modern AI coding tools can now reliably translate programs up to 5,000 lines with oversight. DARPA's TRACTOR program is exploring hybrid approaches combining AI with classical code analysis. Key challenges include ensuring the translated code is maintainable by humans, the limited pool of Rust experts, and securing $100 million in government or private funding.

  2. Article
    Ars Technica · 11w

    County pays $600,000 to pentesters it arrested for assessing courthouse security

    Two penetration testers were arrested in 2019 while conducting an authorized red-team security assessment of an Iowa courthouse, despite having written authorization for physical security testing including lockpicking. They spent 20 hours in jail on felony burglary charges (later reduced to misdemeanor trespassing), and the county sheriff continued to publicly allege illegal activity. The case settled for $600,000 after the security professionals sued for wrongful arrest and defamation, highlighting the legal risks penetration testers face even when performing legitimate, contracted work.

  3. Article
    Hacker News · 12w

    Europe wants to end its dangerous reliance on US internet technology

    Europe's heavy reliance on US cloud computing providers (AWS, Microsoft Azure, Google Cloud control ~70% of the market) creates vulnerability to service disruptions from technical failures, geopolitical disputes, or cyber-attacks. Recent outages from AWS and Cloudflare demonstrated this risk. European governments are responding by investing in digital sovereignty initiatives: Schleswig-Holstein replaced 70% of Microsoft licenses with open-source alternatives, France/Germany/Netherlands/Italy are developing sovereign digital platforms, and Sweden built its own collaboration system in domestic data centers. The EU is developing a cloud sovereignty framework and an upcoming Cloud and AI Development Act to keep European data under European control, treating digital infrastructure as being as critical as physical infrastructure.

  4. Article
    Troy Hunt · 14w

    Who Decides Who Doesn’t Deserve Privacy?

    Privacy is a fundamental human right that applies universally, regardless of personal moral judgments about individuals' activities. Using the Ashley Madison breach as a case study, the article examines why certain data breaches should be flagged as sensitive in Have I Been Pwned (HIBP). Email addresses in breaches don't always indicate what they seem—people join services for various reasons, accounts can be created without consent, and public doxing can have life-threatening consequences. Legally defined sensitive personal information includes data revealing racial origin, political opinions, religious beliefs, sexual orientation, and health data. HIBP flags breaches as sensitive to prevent the service from being weaponized for public shaming, while still forwarding illegal content to law enforcement. The decision protects both individual privacy rights and the service's ability to operate.

  5. Video
    TechLinked · 15w

    Grok is Out of Control

    Grok's AI chatbot experienced a major safety failure allowing generation of inappropriate content involving minors. Instagram's CEO suggests labeling real content instead of AI-generated material due to overwhelming AI slop. PlayStation 5 security was compromised through leaked ROM keys, potentially enabling hardware-level jailbreaks. Asus pauses phone releases for 2026 due to weak sales. California launches a unified platform for residents to request data deletion from 500+ brokers. Various other tech news includes Samsung maintaining Galaxy S26 pricing, Pebble's smartwatch revival, and concerns about workplace nicotine distribution at tech startups.