Category: Help Net Security

In this Help Net Security video, Itamar Apelblat, CEO of Token Security, walks through findings from the company’s research, which shows that 65% of agentic chatbots have never been used yet still hold live access credentials. He explains why organizations…

Read more →

AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each…

Read more →

Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the emails are dispatched from the platform’s own infrastructure, they satisfy all standard authentication requirements…

Read more →

Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for Internet Security (CIS) report, Prompt Injections: The Inherent Threat to Generative AI, identifies prompt injection…

Read more →

A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handle Chaotic Eclipse and Nightmare Eclipse. Several security researchers have fixed the…

Read more →

Trellix announced enhanced data security capabilities and a strategic framework designed to help organizations confidently adopt generative AI while protecting sensitive data from exposure and loss. “The rapid adoption of AI tools across the enterprise is creating new and often…

Read more →

North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posings as a software update. They used the…

Read more →

U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell Automation and Allen-Bradley, across multiple critical infrastructure sectors. The activity has been attributed to Iranian-affiliated APT actors seeking…

Read more →

Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had…

Read more →

Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as CVE-2026-34078.…

Read more →

Secureframe has announced the launch of User Access Reviews, a new capability within Secureframe Comply. Access reviews are the primary mechanism organizations use to validate that the right people have the appropriate access, but the process has historically been manual,…

Read more →

In this Help Net Security interview, Kumar Ravi is the Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and go unnoticed.…

Read more →

Wireless network operators are preparing for a generation of infrastructure where AI is built into the architecture from the start. Sixth-generation networks, expected to reach commercial development over the coming decade, are being designed with AI at the center of…

Read more →

OpenSSL 3.6.2 patches eight CVEs across a range of components. The project rates the most severe issue in the release as Moderate. What got fixed The release fixes incorrect failure handling in RSA KEM RSASVE encapsulation (CVE-2026-31790) and a loss…

Read more →

Application Security Engineer Liebherr Group | Germany | On-site – View job details As an Application Security Engineer, you will implement security testing tools such as SAST, DAST, and IAST, perform vulnerability assessments and penetration testing, and collaborate with developers…

Read more →

Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a new general-purpose language model being…

Read more →

Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, and GenAI speeds up how attackers assemble and rebuild their tooling. Lumen’s 2026 Threatscape Report describes…

Read more →

Online crime continues to generate rising financial losses, with totals reaching $20.877 billion in 2025. The FBI’s Internet Crime Complaint Center (IC3) report shows a 26% increase in total reported losses from the previous year. (Source: FBI) More than one…

Read more →

The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting…

Read more →

Acronis has announced the launch of Acronis MDR by Acronis TRU, a globally available 24/7/365 managed detection and response (MDR) service. Built specifically for managed service providers (MSPs) of all sizes, the service provides threat detection, incident response, and cyber…

Read more →