Omnissa telemetry suggests business buyers are loving Apple and Google End-user compute vendor Omnissa, the company formed by the spin-out of VMware’s virtual desktops, applications, and device management biz, has dug into the telemetry it collects from customers and painted…
Category: EN
HPE enhances security to support AI and distributed enterprise environments
HPE has unveiled new security innovations designed to help organizations scale distributed operations, reduce cyber risk, and maintain consistent governance as AI adoption accelerates across the enterprise. To help enterprises securely adopt AI and turn resilience into a core business…
Google’s TurboQuant cuts AI memory use without losing accuracy
Large language models carry a persistent scaling problem. As context windows grow, the memory required to store key-value (KV) caches expands proportionally, consuming GPU memory and slowing inference. A team at Google Research has developed three compression algorithms: TurboQuant, PolarQuant,…
FCC router ban, drone hit AWS, Crunchroll leak
FCC bans foreign routers Drone activity disrupts AWS region Crunchyroll confirmed data leak Check out our show notes for all story links: https://cisoseries.com/cybersecurity-news-fcc-router-ban-drone-hit-aws-crunchroll-leak/ Huge thanks to our sponsor, ThreatLocker Least privilege isn’t about distrusting users — it’s about limiting blast…
How to avoid FIFA World Cup 2026 ticket scams?
The best way to avoid getting scammed when trying to obtain tickets for matches in the FIFA World Cup is to purchase them directly from… The post How to avoid FIFA World Cup 2026 ticket scams? appeared first on Panda…
Five Malicious npm Packages Target Crypto Developers, Steal Wallet Keys via Telegram
Five malicious npm packages impersonating popular crypto libraries are stealing wallet keys from Solana and Ethereum developers and exfiltrating them directly to a hardcoded Telegram bot. Each package typosquats or wraps a legitimate crypto library and funnels stolen private keys…
FCC Blocks New Foreign Consumer Router Models Citing Serious Security Risks
On March 23, 2026, the Federal Communications Commission (FCC) officially updated its Covered List to ban all new consumer-grade routers produced in foreign countries from receiving equipment authorisation. This regulatory action, driven by a White House-convened Executive Branch interagency determination,…
Training an AI agent to attack LLM applications like a real adversary
Most enterprise software development teams now ship AI-powered applications faster than traditional penetration testing can keep up with. A security team with 500 applications may test each one once a year, or less. In the time between tests, the underlying…
TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise
TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a Kubernetes lateral movement toolkit, and a persistent backdoor. Multiple security…
Compromised LiteLLM Package With 95M Downloads Tied to TeamPCP, After Trivy & KICS Hacks
Security researchers discovered that the popular Python library litellm was compromised on PyPI. With over 95 million monthly downloads, this open-source tool helps developers route requests across various LLM providers through a single API. The threat actor, identified as TeamPCP, injected malicious…
Google Authenticator’s Hidden Passkey Design May Expose New Passwordless Attack Vectors
Google’s passkey ecosystem quietly depends on a powerful cloud-side component that changes where “passwordless trust” actually lives and that shift could open new avenues for account takeover in the real world. Most passkey discussions focus on WebAuthn and FIDO specs,…
HackerOne Confirms Employee Data Stolen Following Linked Navia Hack
HackerOne, a leading vulnerability coordination and bug bounty platform, has officially confirmed a data breach impacting its employees. The security incident did not occur directly on HackerOne’s internal network or infrastructure. Instead, the sensitive data was exposed through a targeted…
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing about…
You don’t have to choose between BAS or automated pentesting, you shouldn’t
There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack simulation (BAS) or automated penetration testing (APT)? Security vendors have stoked this debate…
Aqua Security’s Trivy Scanner Hit by Supply Chain Attack, Threatening Software Integrity
A sophisticated supply chain attack compromised Aqua Security’s popular open-source Trivy vulnerability scanner. Threat actors successfully distributed malicious code through the project’s GitHub Actions, targeting deployment pipelines to silently exfiltrate sensitive credentials. While Aqua’s commercial products remain completely unaffected, the…
Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack
A sophisticated supply chain attack targeting Aqua Security’s widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The…
Kali Linux 2026.1 Released With 8 New Hacking Tools
Kali Linux 2026.1 has officially been released, marking the first major update of the year for the popular penetration testing distribution. Designed for professionals engaged in technical security research and vulnerability analysis, this update features modern aesthetic enhancements, notable advancements…
Which Came First: The System Prompt, or the RCE?
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude (Opus 4.5) and a third-party asset management platform. The idea is simple: instead of clicking through dashboards and making API calls,…
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18
Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel bump to 6.18, and several Kali…
Your security stack looks fine from the dashboard and that’s the problem
One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience Risk Index, has…