AI chatbots may deliver unequal answers depending on who is asking the question. A new study from the MIT Center for Constructive Communication finds that LLMs provide less accurate information, increase refusal rates, and sometimes adopt a different tone when…
Category: Help Net Security
Criminals create business website to sell RAT disguised as RMM tool
A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, supposedly…
Ex-Google engineers charged with orchestrating high-tech secrets extraction
A federal grand jury has indicted three Silicon Valley engineers on charges in a scheme to steal trade secrets from Google and other leading technology companies. The indictment charges the three defendants with conspiracy to commit trade secret theft, theft…
Google cleans house, bans 80,000 developer accounts from the Play Store
Google prevented more than 1.75 million policy-violating apps from being published on Google Play and banned over 80,000 developer accounts that attempted to publish harmful apps in 2025. Developer verification, mandatory pre-review checks, and testing requirements in the Google Play…
Man gets five years for aiding North Korean IT employment scam
Ukrainian national Oleksandr Didenko, 29, was sentenced in U.S. District Court to 5 years in prison for an identity theft scheme that enabled North Korean workers to secure fraudulent employment. He pleaded guilty in November 2025 to wire fraud conspiracy…
651 arrested, $4.3 million recovered in African cybercrime sweep
Operation Red Card 2.0, supported by INTERPOL and involving law enforcement agencies from 16 African countries, led to 651 arrests and the recovery of more than $4.3 million from online scams. In Nigeria police took down a fraud ring that…
Security Compass brings policy-driven security and compliance to agentic AI development
Security Compass released SD Elements for Agentic AI Workflow, enabling organizations to stay in control of security and compliance as AI becomes part of software development. AI agents introduce an unprecedented opportunity to accelerate the velocity of software development, but…
The CISO view of fraud risk across the retail payment ecosystem
In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware lifecycles. He also discusses risks tied to QR code payments and outlines…
Quantum security is turning into a supply chain problem
Supplier onboarding, invoice processing, and procurement platforms run on encrypted data flows that were built for long-term trust. In many organizations, that trust still depends on cryptographic standards like RSA and elliptic curve cryptography (ECC), even as security teams begin…
Applying green energy tax policies to improve cybersecurity
For years, governments have focused only on the stick of compliance when they could leverage the carrot of tax incentives. Theoretically, compliance fines and penalties should act as a deterrent that improves accountability and reduces data breaches. However, many vendors…
Uptime Kuma: Open-source monitoring tool
Service availability monitoring remains a daily operational requirement across IT teams, SaaS providers, and internal infrastructure groups. Many environments rely on automated checks and alerting to track outages, latency issues, and service degradation across web applications and network endpoints. Uptime…
New infosec products of the week: February 20, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Compliance Scorecard, Impart Security, Redpanda, and Virtana. Impart enables safe, in-app enforcement against AI-powered bots Impart Security has launched Programmable Bot Protection, a runtime approach…
Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119)
Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams to manage Windows clients, servers, clusters, Hyper-V hosts and virtual machines, as well as Active Directory-joined systems. Although…
Poland restricts Chinese-made cars at protected military sites
Poland’s military leadership has decided that cars manufactured in the People’s Republic of China will no longer cross the gates of sensitive military bases. The decision follows a risk analysis focused on the growing integration of digital systems in cars…
Simbian AI Pentest Agent delivers continuous, context-aware penetration testing
Simbian announced the launch of the Simbian AI Pentest Agent, a new solution designed to provide enterprises with ongoing, on-demand penetration testing. Simbian’s AI Pentest Agent is the first automated penetration testing solution to incorporate business context, ensuring that findings…
Data on 1.2 million French bank accounts accessed in registry breach
In late January 2026, a malicious intruder accessed France’s national bank account registry, FICOBA, enabling them to view information tied to 1.2 million accounts, the Ministry of the Economy and Finance disclosed on Wednesday. TV5 Monde reported that the perpetrator…
Adidas investigates alleged data breach affecting 815,000 records
Adidas confirmed it is investigating a possible data breach involving one of its third-party customer service providers. The company stated that there is no indication its IT infrastructure, e-commerce platforms, or consumer data were impacted by the incident. An individual…
PromptSpy: First Android malware to use generative AI in its execution flow
ESET researchers have discovered PromptSpy, the first known Android malware to abuse generative AI as part of its execution flow in order to achieve persistence. This marks the first time generative AI has been deployed in this way. Because the…
Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)
A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The vulnerability is present in the device’s web-based API service, and is accessible in…
Men sentenced to 8 years in $1.3 million computer intrusion and tax fraud scheme
Matthew A. Akande, a Nigerian national, was sentenced by a U.S. District Court to eight years in prison, followed by three years of supervised release, for his role in a scheme to break into Massachusetts tax preparation firms’ computer networks…