Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Primary Sources
After fighting malware for decades, this cybersecurity veteran is now ...
Mikko Hyppönen is pacing back and forth on the stage, with his trademark dark blonde ponytail resting on an impeccable teal suit. A seasoned speaker, he is trying to make an important point to a room full of fellow hackers and security researchers at one of the industry’s global annual meet-ups. “I often call this ‘cybersecurity Tetris’,” he tells the audience with a serious face, reeling off the rules of the classic video game. When you complete a whole line of bricks, the row vanishes, leaving the rest of the bricks to fall into a new line. “So your successes disappear, while your failures pile up,” he tells the audience during his keynote at Black Hat in Las Vegas in 2025. “The challenge we face as cybersecurity people is that our work is invisible… when you do your job perfectly, the end result is that nothing happens.” Hyppönen’s work, however, has certainly not been invisible. As one of the industry’s longest serving cybersecurity figures, he has spent more than 35 years fighting malware. When he started in the late 1980s, the term “malware” was still far from everyday parlance; the terms instead were computer “virus” or “trojans.” The internet was still something few people had access to, and some viruses relied on infecting computers with floppy disks. Since then, Hyppönen estimated he has analyzed thousands of different kinds of malware. And thanks to his frequent talks at conferences all over the world, he has become one of the most recognizable faces and respected voices of the cybersecurity community. While Hyppönen has spent much of his life trying to keep malware from getting into places it is not supposed to, now he is still doing much of the same, albeit a slightly different tack: His new challenge is to protect people against drones. Hyppönen, who is Finnish, told me during a recent interview that he lives about two hours away from Finland’s border with Russia. An increasingly hostile Russia and its 2022 full-scale invasion of Ukraine, where the majority of deaths have reportedly come from unmanned aerial attacks, have made Hyppönen believe he can have renewed impact by fighting drones. For Hyppönen, it is also a matter of recognizing that while there are still long-standing problems to solve in the world of cybersecurity — malware is not going anywhere and there are plenty of new problems on the horizon — the industry has made huge strides over the last two decades. An iPhone, Hyppönen brought up as an example, is an extremely secu...
Critical PX4 Autopilot Flaw Lets Hackers Take Control of Drones
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding a severe vulnerability in the PX4 Autopilot system. This critical flaw could allow malicious actors to completely take over unmanned aerial vehicles (UAVs) and drones deployed across vital infrastructure sectors worldwide. CVE-2026-1579: What You Need to Know Tracked as CVE-2026-1579, the security flaw carries a near-maximum Common Vulnerability Scoring System (CVSS) v3.1 score of 9.8 out of 10. Classified under CWE-306, the vulnerability stems from a “Missing Authentication for Critical Function” error within the drone’s flight software. CISA formally published the advisory under identifier ICSA-26-090-02 on March 31, 2026.c PX4 Autopilot is a widely adopted open-source flight control software used globally to manage drones and other autonomous vehicles. The vulnerability exists in how the software handles communication through the MAVLink interface, a messaging protocol used to transmit commands and telemetry data between drones and ground control stations. According to the CISA advisory, the MAVLink communication protocol does not require cryptographic authentication by default. This means that when MAVLink 2.0 message signing is not enabled, any message including the SERIAL_CONTROL A command, which provides interactive shell access, can be sent by an unauthenticated party with access to the MAVLink interface. An attacker who can reach that interface can issue arbitrary shell commands without needing a password or security key, effectively hijacking full control of the flight controller. The vulnerability specifically impacts PX4 Autopilot version v1.16.0_SITL_latest_stable. The Switzerland-headquartered PX4 Autopilot system is deployed globally, with CISA confirming that the affected critical infrastructure sectors include: Transportation Systems Emergency Services Defense Industrial Base A successful remote drone takeover in these environments could lead to stolen surveillance data, disrupted emergency response efforts, or compromised defense operations. The critical flaw was discovered and responsibly reported to CISA by security researcher Dolev Aviv from aviation cybersecurity firm Cyviation. Cyviation specializes in proactive intelligence and monitoring solutions targeting cyber threats in aviation communication systems. CISA and PX4 urge all operators and organizations to take immediate defensive action: Enable MAVLink 2.0 me...
Mikko Hyppönen: Suomeen pudonneet droonit räjähteillä pakattuja | MTV ...
Mikko Hyppönen uskoo, että Suomeen pudonneet droonit olivat räjähteillä pakattuja: Tehokkaita ja vaarallisia Sensofusionin tutkimusjohtaja Mikko Hyppönen. Vieressä kuva toisesta Kouvolaan pudonneesta ukrainalaisesta droonista.
Hyppönen: Kouvolaan syöksyneelle droonille oli todennäköisesti ...
Hyppönen: Kouvolaan syöksyneelle droonille oli todennäköisesti mahdollisuus antaa käskyjä etänä "Sille voidaan lähettää komentoja. Kuten että vaihdetaan koordinaatteja tai että estetään räjähdys koneen törmätessä maahan", Hyppönen kuvaa.
