AppGate has announced the launch of its Operational Technology (OT) ZTNA solution. Designed to secure industrial control systems, manufacturing plants, energy facilities, and other critical infrastructure, the offering extends AppGate’s direct-routed ZTNA architecture into OT environments. It enables secure remote…
Tag: Help Net Security
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but has urged…
Proofpoint unifies email, data, and AI security to reduce enterprise blind spots
Proofpoint has unveiled innovations across its Collaboration Security and Data Security portfolios, strengthening protection for the agentic workspace, where people and AI agents interact across communication and data environments to execute business-critical work. As organizations deploy AI assistants and autonomous…
Zero Networks Kubernetes Access Matrix exposes hidden access paths and blast radius
Zero Networks has announced the Kubernetes Access Matrix, a real time visual map that exposes every allowed and denied rule inside Kubernetes clusters. The new capability enables security and DevOps teams to see, understand, and control Kubernetes access at scale,…
Russian hackers go after high-value targets through Signal
Russian intelligence-linked hackers are targeting commercial messaging platforms, with Signal a primary focus, the FBI and CISA warn. The campaign is aimed at individuals of intelligence interest, including government personnel, journalists, and others with access to sensitive communications. It is…
Zluri addresses expanding identity attack surface across SaaS, cloud, and AI
Enterprise identity is undergoing a fundamental shift. Employees are no longer the only identities operating inside organizations. Service accounts, machine identities, application integrations, and AI agents now interact with enterprise systems at scale, accelerating the growth of non-human identities and…
Booz Allen’s Vellox brings AI vs. AI defense to protect critical infrastructure and national security
Booz Allen Hamilton’s new Vellox suite showcases how AI-native cyber defense can counter growing threats to U.S. national security and critical infrastructure. The company’s new threat report, When Cyberattacks Happen at AI Speed, shows that AI is widening the gap…
Your AI agents are moving sensitive data. Do you know where?
In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry focuses on prompt injection and model behavior, Cohen argues the deeper…
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go missing. An open-source tool called Plumber automates the detection of those…
NIST updates its DNS security guidance for the first time in over a decade
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure Domain Name System Deployment Guide,…
Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart…
Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock ransomware gang, Amazon CISO and VP of Security Engineering CJ Moses…
Google slows Android sideloading to trip up scammers
Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading through a controlled, one-time setup. It addresses scam scenarios where attackers…
Terminated contract led to $2.5 million cyber extortion scheme
A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to two years in prison on each of the six charges. Curry,…
Authorities disrupt four IoT botnets behind record DDoS attacks
The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The post Authorities disrupt four IoT botnets behind record DDoS attacks appeared first…
Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis
Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable risks based on real-world attack paths and business impact. As organizations…
Fake AI songs streamed billions of times, netting fraudster $10 million
Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire fraud, which…
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and…
ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption
ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility, policy enforcement,…
Semgrep Multimodal brings AI reasoning and rule-based analysis to code security
Semgrep announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds up to 8x more true positives while cutting noise by 50% compared to foundation models alone, and has already…