A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The proof-of-concept attack targets AI-powered coding agents such as Claude…
Category: Help Net Security
GPT-5.6 gets better at cybersecurity
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as…
DarkMoon: Open-source AI pentesting platform
Penetration testing has long run on expert time, with specialists spending days probing a network or web application by hand. Manual engagements stretch across weeks, expert consultants run into thousands of dollars a day, and results vary with the tester.…
Sycophantic chatbots and the harms that build over many chats
People use AI chatbots for company, advice, and emotional support, and these systems answer in ways meant to hold their attention. Researchers describe the resulting risks as affective safety, a class of harm that exists because humans are emotional beings…
Companies keep bolting AI onto their products, and the security bill is coming due
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower…
Most teams accept higher risk for faster AI database work
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled…
Week in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Encrypted DNS still tells an eavesdropper where to look. Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the…
Proof’s x401 establishes an open protocol for AI agent identity and authorization
Proof has launched x401, an open, issuer-neutral protocol that lets any website or API ask for and verify the identity behind agents. With x401, a service can ask for the proof it requires: verified identity, age, membership, organizational affiliation, signing…
Critical open-source projects get a new security framework
Open source software projects are getting a new framework for handling security vulnerabilities as AI shortens the time between flaw discovery and exploitation. The Linux Foundation has launched Akrites, an industry initiative that brings together technology companies, financial institutions, security…
Synology issues critical fix for MailPlus Server vulnerabilities
Synology has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update fixes three flaws: CVE-2026-13136, stemming from faulty authorization checks, may allow remote attackers to read…
Ransomware gangs find Europe’s weakest link in third-party suppliers
Ransomware attacks against European organizations increased during the first months of 2026, with third-party suppliers becoming a major entry point for attackers. Black Kite examined 2,066 ransomware incidents across 31 countries between January 2025 and April 2026 in its 2026…
Mystery hackers use novel SharkLoader dropper against governments, software devs
Kaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple countries. They first stumbled onto the campaign while investigating an attack on a diplomatic organization in Indonesia. What initially looked…
Mirage2FA phishing kit uses HTML smuggling to steal Microsoft 365 credentials
Mirage2FA, a phishing kit that combines short-lived HTML smuggling with obfuscated JavaScript loaders to deliver fake Microsoft 365 login pages and steal credentials during MFA prompts, has been identified by researchers at Fortra. Fortra based its analysis on a suspicious…
SIM-swapping gang busted in international police operation
Officers from Poland’s Central Bureau for Combating Cybercrime (CBZC) arrested four suspected members of an organized cybercrime group accused of SIM swap attacks, cryptocurrency theft, and money laundering. The operation involved agents from the U.S. Federal Bureau of Investigation (FBI)…
ZeroTier Quantum RC2 brings post-quantum security closer to general availability
ZeroTier has announced the release candidate 2 (RC2) for ZeroTier Quantum, its end-to-end quantum-secure networking platform. This milestone marks the final testing phase, positioning the platform one step away from general availability (GA). ZeroTier Quantum addresses the looming threat quantum…
ThreatModeler introduces Nexus to automate threat modeling with AI governance
ThreatModeler has announced the general availability of ThreatModeler Nexus, an agentic threat modeling platform that brings governed, architecture-aware security to the way modern software is actually built. As AI writes a growing share of production code, the question is no…
Microsoft gives Windows 10 users an unexpected extra year of free security updates
Microsoft has given Windows 10 users another year of free security updates, extending its consumer Extended Security Updates (ESU) program until October 12, 2027. “Windows 10 support has ended. You can enroll in ESU any time until the program ends…
A privacy-first take on local malware analysis
Submitting a suspicious file to VirusTotal or MalwareBazaar places a copy of that file on a platform other people can search. Analysts across the industry rely on these services to get a quick verdict on whether a binary is dangerous.…
Two CEOs on why security and AI readiness belong together
SuperOps and Guardz are bundling PSA, RMM, MDM, and agentic SecOps into one offering for MSPs. In this Help Net Security Q&A, SuperOps CEO Arvind Parthiban and Guardz CEO Dor Eisner explain how a connected stack cuts the time and…
Modelplane: Open-source control plane for AI inference
Organizations that run open-weight models on hardware they own operate GPU fleets spread across clouds, neoclouds, and on-premise data centers. Each fleet handles model placement, replica scaling, infrastructure provisioning, weight distribution, and traffic routing. Teams have built this coordination layer…