Category: Help Net Security

The UK’s Information Commissioner’s Office (ICO) has fined Reddit $19.5 million after finding that the company failed to use children’s personal information lawfully, exposing them to inappropriate and harmful content. The investigation found that Reddit did not apply an age…

Read more →

SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the flaws may allow attackers to create a system admin user and/or execute code as…

Read more →

CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused by…

Read more →

Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading guilty to stealing and selling sensitive cyber-exploit trade secrets to a Russian broker.…

Read more →

Apple has introduced expanded age assurance tools to help developers comply with regulations taking effect in Brazil, Australia, Singapore, Utah, and Louisiana. The updates, available in beta, expand the Declared Age Range API and related App Store systems. Age-based download…

Read more →

Venture funding in cybersecurity continued to concentrate in large private rounds at the end of 2025, driving valuations higher across stages. Data from DataTribe shows total capital invested approached $150 billion for the year, with a disproportionate share flowing into…

Read more →

The Microsoft Quantum Development Kit (QDK) is an open-source toolkit that runs on laptops and in common development environments. It includes code, simulators, libraries, and workflows that work with Visual Studio Code and GitHub Copilot. Integration with these tools gives…

Read more →

Airline brands sit at the center of peak travel booking cycles, loyalty programs, and high value transactions. Criminal groups continue to register thousands of lookalike domains tied to these brands, targeting travelers, employees, and business partners. Recent threat intelligence from…

Read more →

Internet-facing VPNs, routers, and remote access services absorbed sustained exploitation attempts throughout the second half of 2025, with nearly 3 billion malicious sessions recorded over 162 days. The concentration on edge infrastructure aligns with how attackers pursue initial access across…

Read more →

Two South Korean teenagers have been charged in connection with a cyberattack that compromised the personal data of 4.62 million users of Seoul’s public bike service, Ttareungyi. The compromised data included user IDs, mobile phone numbers, addresses, dates of birth,…

Read more →

Forescout introduced Forescout VistaroAI, which thinks like a security expert instead of a chatbot. It eliminates the need for prompt engineering by delivering role-based automation with human-in-the-loop control, resulting in faster, more accurate risk decisions and an improved user experience…

Read more →

Veeam Software announced Agent Commander, a unified solution to help organizations safely detect AI risk, protect AI systems, and undo AI mistakes, enabling them to proactively address AI-driven risks and securely scale AI agents everywhere. The first integration from Veeam’s…

Read more →

Druva announced a major expansion of DruAI, adding Deep Analysis Agents that automate complex multi-day forensic and compliance investigations. IT and security teams spend too much time not just fixing problems, but proving what happened and why across incident response,…

Read more →

Aikido Security has unveiled Aikido Infinite, a continuous AI penetration testing solution that autonomously validates and remediates vulnerabilities. Infinite reduces risk with every release by testing software changes as they move through deployment, confirming exploitability, and fixing vulnerabilities within the…

Read more →

New Relic announced enterprise-grade Agentic Platform capabilities that enable organizations to build, deploy, and manage a full spectrum of AI agents and agentic workflows, from simple single-task automations to complex, multi-agent orchestrations. With an intuitive no-code builder for domain experts,…

Read more →

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like malware…

Read more →

Microsoft expands Microsoft Sovereign Cloud with new disconnected and AI capabilities that help organizations run critical infrastructure, productivity services and large AI models inside sovereign boundaries while keeping governance and operational continuity across connected and disconnected environments. Sovereign Private Cloud…

Read more →

Microsoft’s Windows 365 for Agents is a cloud platform that gives AI agents secure access to cloud PCs. It lets builders run copilots, agents, and automated workflows in Windows environments without managing infrastructure. The platform includes security, policy controls, scalability,…

Read more →

A coordinated international operation supported by Eurojust dismantled a fraudulent call centre operating from three offices and targeting citizens throughout Europe. Authorities arrested 11 suspects and seized more than €400,000 in cash. Initial investigations identified victims in Latvia and Lithuania…

Read more →

Support is ending for three Windows products released in 2016, with deadlines beginning in October 2026. Windows 10 Enterprise LTSB 2016 and Windows 10 IoT Enterprise 2016 LTSB will reach end of support on October 13, 2026, followed by Windows…

Read more →