Category: Help Net Security

Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The…

Read more →

Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now anticipation is building for the fast-approaching…

Read more →

In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss…

Read more →

A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT environment, you patch…

Read more →

In a recent GitGuardian analysis, an average of 150 secrets were found on a sample of developer endpoints. Private keys accounted for 38% of unique secrets, while cloud, identity provider, and secret management credentials (AWS IAM, Hashicorp vault) added another…

Read more →

Trend Micro Mobile Security for iOS protects devices from potentially harmful websites while browsing, blocks ads and personal information trackers, helps users avoid unsafe Wi-Fi networks, and monitors data usage. The app is available for both iOS and Android devices.…

Read more →

ETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for platforms used to host AI applications in data center and edge computing environments, covering security functions,…

Read more →

Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabilities, and…

Read more →

Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabilities, and…

Read more →

New operating systems prioritize usability, a reality which threat actors use to exploit security gaps. Every misconfiguration creates an opportunity for compromise, and lean teams struggle in their security management efforts to harden hundreds or thousands of endpoints. CIS SecureSuite…

Read more →

A Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and files through a web-based dashboard, McAfee researchers found. Minecraft, developed by Mojang Studios and released in 2011,…

Read more →

Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate on a fixed list of exploits. Instead, it analyzes each target it encounters, reasons…

Read more →

Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them carry the…

Read more →

Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this…

Read more →

Workplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different kind of agent inside its Office applications, one designed to keep operating…

Read more →

Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this…

Read more →

Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agencies. Organizations joining…

Read more →

MazeBolt has announced the launch of RADAR VectorAI, a new MazeBolt module that creates AI-generated DDoS attacks. As AI outpaces human response, enterprises need to have access to validated DDoS vulnerability data about both known and AI-generated attack vectors. Mythos…

Read more →

Critical Start has released SOC AI, a production-proven multi-agent framework powering its AI-led Managed Detection and Response (MDR). SOC AI coordinates ten specialized agents across the full alert investigation and response lifecycle, covering detection, triage, response, threat hunting, and continuous…

Read more →

Netskope has announced Netskope One AI Command Center, bringing together AI discovery, risk intelligence, and autonomous response capabilities in a single platform. As the latest expansion of the Netskope One AI Security suite, it helps security teams understand what AI…

Read more →