Top stories.
- Critical Netlogon flaw is under active exploitation.
- Military leaders debate battlefield AI.
- California sues 23andMe over 2023 data breach.
Critical Netlogon flaw is under active exploitation.
Belgium's Centre for Cybersecurity (CCB) warns that threat actors are exploiting a critical Netlogon vulnerability that was patched in Microsoft's May 2026 Patch Tuesday updates, BleepingComputer reports. The vulnerability (CVE-2026-41089) is a stack-based buffer overflow that can allow an unauthorized attacker to execute code over a network.
The CCB stated, "To exploit this CVE, an attacker must send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system with SYSTEM privileges. It is now actively exploited in the wild. Exploitation does not require any prior privileges or user interaction and can be executed remotely. Patches are available for all versions of Windows Server from 2012 onward."
Military leaders debate battlefield AI.
As the Trump administration accelerates the use of artificial intelligence tools across the US military, some military leaders are urging caution, SecurityWeek reports. Adm. Frank Bradley, head of US Special Operations Command, said at a recent special forces conference that troops "have to be very careful about how we come to [AI's] employment and its inspiration into the delivery of lethality," adding that "we, as humans, have to have the confidence that...it's going to deliver violence only where we intend it to be delivered."
Other officials at Special Operations Command stressed that AI is more commonly used across the military for automating mundane tasks and informing operators' judgement. Helen Toner, interim executive director at Georgetown University’s Center for Security and Emerging Technology, told SecurityWeek that this is true, though the military is also using AI to assist in combat operations. Toner stated, "There are a huge number of potential uses for AI in these kinds of bureaucratic settings, which the U.S. military is actively exploring."
California sues 23andMe over 2023 data breach.
California has filed a lawsuit against genetic testing company 23andMe (now known as "Chrome Holding Co."), accusing the company of failing to implement adequate security controls before suffering a major data breach in 2023, the Register reports. California Attorney General Rob Bonta also alleges that 23andMe downplayed the severity of the breach and misled customers about the incident.
Bonta stated, "While 23andMe assured the public that it had not experienced a data security incident within its systems, downplayed the sensitivity of the stolen data by claiming that the information stolen from the 'DNA Relatives' feature was essentially public, and attempted to shift blame for the breach to its customers, 23andMe was simultaneously negotiating and paying a ransom to the threat actor in exchange for, among other things, the threat actor removing damaging information regarding the breach that had been posted online and providing information about multiple 23andMe security vulnerabilities, including vulnerabilities the threat actor exploited during the data breach."
23andMe filed for Chapter 11 bankruptcy last year, and the Register was unable to locate a contact at the company for a comment on the lawsuit.
