Category: Help Net Security

Operation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey. The notice on disrupted websites (Source: Microsoft) While developed by separate criminal groups, those…

Read more →

An Algerian national accused of running online marketplaces that sold phishing kits and fraud tools has been extradited from Spain to the United States to face bank fraud conspiracy charges. The post Algerian national accused of running cybercrime marketplaces extradited…

Read more →

Anthropic introduced an agent identity model for Claude Tag, its AI assistant designed for team collaboration in shared workspaces. The model gives Claude its own identity, permissions, and tool access, configured by administrators and tied to a workspace or channel.…

Read more →

SuperOps and Guardz announced a strategic partnership, combining their platforms into a single bundled offering for managed service providers (MSPs). The package brings professional services automation (PSA), remote monitoring and management (RMM), mobile device management (MDM), and agentic security operations…

Read more →

Healthcare technology company Xsolis confirmed that a phishing attack resulted in unauthorized access to its network. The company develops AI-powered software for hospitals, health systems, and health plans and serves more than 600 hospitals and health insurers. “On January 22,…

Read more →

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing automated sweeps dropping webshells, all via…

Read more →

LastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and sales tools across organizations, to access customer data stored in its Salesforce environment. “On June 12th…

Read more →

Google’s Alert Center, a dashboard in the Google Admin console that displays security and administrative alerts and helps administrators identify, investigate, and respond to issues affecting their organization, is expanding the “Super Admin password reset” alert into the “Admin password…

Read more →

DigiCert has announced it is bringing independent trust validation to confidential computing environments, in collaboration with Google Cloud. By applying the proven principles of Public Key Infrastructure (PKI) to cloud infrastructure, DigiCert will provide cryptographic verification that cloud-hosted systems and…

Read more →

Secure Code Warrior has introduced its new SCW AI Adoption Model, a practical framework that maps the progression of AI use in software development, from minimal AI assistance to fully autonomous agentic orchestration. The framework helps CISOs assess their organization’s…

Read more →

Cequence Security has announced the launch of Intent Graph and Biometric Check, two new capabilities that extend the behavioral architecture Cequence has built since its inception. They provide enterprises with bot defense that works across web, mobile, API, and agentic…

Read more →

Brinqa BYOAI (Bring Your Own AI), a capability that enables organizations to connect any AI agent, large language model (LLM), or automation platform to Brinqa’s exposure intelligence layer. As enterprises adopt AI, they need to ensure that AI systems use…

Read more →

Qodo has announced three new platform capabilities: Cross-Repo Code Review, Custom Rules Miner, and Skill Review Standards. These new capabilities address a set of governance gaps that have emerged as AI-generated code reaches enterprise scale. AI agents have fundamentally changed…

Read more →

In this interview with Help Net Security, Jorge Aldegunde, Global Head of Railway Services at DNV, talks through what happens when old operational technology meets newer IT in monorail systems. He explains why open networks widened the attack surface, how…

Read more →

Praxen is an open-source tool with a simple job: it checks whether an AI agent does what it claims to do. The tool takes an agent’s declared policy, looks at how the agent operates, and points out every spot where…

Read more →

The Agentic SOC market is loud. Dozens of vendors promise to take alert triage, investigation, and response off your analysts’ plates, but most claims have never been tested in production. The hard part is separating operational improvement from this marketing…

Read more →

Software teams are pushing code into production faster than security testing can keep up. AI is accelerating development cycles and adding pressure to security programs that rely on periodic validation and manual penetration testing. The 2026 State of AI Security…

Read more →

Application Security Leader DriveNets | Israel | Hybrid – View job details As an Application Security Leader, you will define security requirements, drive secure coding practices, oversee vulnerability management, and integrate security testing and automation into development pipelines. You will…

Read more →

A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually detailed look at how…

Read more →

A Reddit comment that takes only a few seconds to write can end up influencing the answers generated by AI research tools. A Cornell Tech study found that a short snippet of user-generated text, sometimes as little as 13 words,…

Read more →