The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves hiding (more or less) covert instructions inside ordinary web pages, waiting for an AI agent…
Category: Help Net Security
Users advised to drop passwords and make room for passkeys
In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, positioning them as the future of authentication. “Passkeys should become consumers’ first…
New Cisco firewall malware can only be killed by pulling the plug
Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower and Secure…
Compromised everyday devices power Chinese cyber espionage operations
China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, together with the…
Meta is overhauling how you sign in, manage settings, and protect your accounts
Meta Account gives users of Meta apps and devices a simpler way to access and manage their accounts. Accounts Center will automatically be updated to a Meta Account as part of a gradual rollout over the next year. Users will…
Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers
Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release that will receive standard…
OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards
Competition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users…
AI is speeding up nation-state cyber programs
Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and…
A study of 1,000 Android apps finds a privacy policy logging gap
Android developers write log statements for the same reasons they always have: debugging crashes, tracing performance issues, and understanding how features behave in production. Legal and privacy teams, working from templates and regulatory checklists, draft policies describing what the app…
With AI’s help, North Korean hackers stumbled into a near-undetectable attack
For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing attacks, and much more. Since the advent of LLM-powered AI assistants and tools, less skilled attackers…
Where AI in CI/CD is working for engineering teams
Developers have folded AI into daily coding work. Still, the same tools remain largely absent from the systems that validate and ship software. New research from JetBrains points to a widening gap between how engineers write code on their own…
IT spending to hit $6.31 trillion record, thanks to AI
Global spending on IT is expected to reach $6.31 trillion in 2026, according to the latest quarterly forecast from Gartner, marking a 13.5% increase from the previous year. The forecast shows that growth is spread across all major segments, though…
Hacker with a special interest in breaching sports institutions ends behind bars
French police have arrested a suspected hacker linked to a series of data breaches affecting organizations in the country. Citing authorities, Le Parisien reported that the suspect, a 20-year-old man using the alias ‘HexDex,’ was taken into custody on April…
Aqua Compass MCP server enables real-time investigation and containment of runtime threats
Aqua Security has announced Aqua Compass, a Model Context Protocol (MCP) server that enables agentic investigation, containment and remediation of runtime incidents, and new runtime risk dashboards. These capabilities help security teams move beyond identifying risk and focus on containing…
IP Fabric MCP server adds governance and control to enterprise AIOps workflows
IP Fabric has launched a new Model Context Protocol (MCP) server that removes key barriers to enterprise AIOps adoption, combining secure in-platform deployment with a built-in prompt library for network operations. While MCP servers and AI integrations are increasingly common,…
Google brings instant email verification to Android, no OTP needed
Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API standard. It provides a unified way for apps to request and retrieve user credentials for authentication and…
Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent report about the FBI accessing…
If cyber espionage via HDMI worries you, NCSC built a device to stop it
A new cybersecurity device developed by the National Cyber Security Centre (NCSC) should be a helpful solution for protecting governments and businesses from malicious activity carried through display connections. Called SilentGlass, the plug-and-play tool is designed to protect HDMI and…
OpenAI tackles a bad habit people have when interacting with AI
Since people tend to paste personal data into AI tools such as ChatGPT, OpenAI has released Privacy Filter, an open-weight model designed to detect and redact personally identifiable information (PII) in text. The model is available under the Apache 2.0…
GopherWhisper APT group hides command and control traffic in Slack and Discord
Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook drafts, and the…