cybersecurity

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW 2026-07-14 at 13:35 By Anamarija Pogorelec Google has started rolling out FIDO2-compliant physical security key support as a second factor for authentication in Google Credential Provider for Windows (GCPW) to all Google Workspace customers. GCPW is a free tool that lets users sign […]

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW Read More »

No one knows how many old shims can still bypass UEFI Secure Boot

No one knows how many old shims can still bypass UEFI Secure Boot 2026-07-14 at 13:26 By Mirko Zorz The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and assorted boot tools can run with Secure Boot

No one knows how many old shims can still bypass UEFI Secure Boot Read More »

The best defense against AI attacks turns out to be a skeptical human

The best defense against AI attacks turns out to be a skeptical human 2026-07-14 at 09:00 By Mirko Zorz Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a

The best defense against AI attacks turns out to be a skeptical human Read More »

Fake smart home residents could stand in for real ones in security research

Fake smart home residents could stand in for real ones in security research 2026-07-14 at 08:30 By Anamarija Pogorelec Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house and watching for months, which is slow, costly,

Fake smart home residents could stand in for real ones in security research Read More »

Why SBOMs, signing, and provenance still don’t tell you if software is safe

Why SBOMs, signing, and provenance still don’t tell you if software is safe 2026-07-13 at 09:30 By Help Net Security We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises

Why SBOMs, signing, and provenance still don’t tell you if software is safe Read More »

Cynative: Open-source deep research agent

Cynative: Open-source deep research agent 2026-07-13 at 09:00 By Mirko Zorz Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or leak a secret on

Cynative: Open-source deep research agent Read More »

Microsoft demystifies how Windows updates work

Microsoft demystifies how Windows updates work 2026-07-13 at 08:30 By Anamarija Pogorelec Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly security updates, released

Microsoft demystifies how Windows updates work Read More »

A hardware security AI assistant that checks chips for hidden backdoors

A hardware security AI assistant that checks chips for hidden backdoors 2026-07-13 at 08:00 By Sinisa Markovic Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each written by a company the buyer may never deal with directly.

A hardware security AI assistant that checks chips for hidden backdoors Read More »

99.9% of fixable AI vulnerabilities remain unpatched

99.9% of fixable AI vulnerabilities remain unpatched 2026-07-13 at 07:30 By Anamarija Pogorelec Organizations build, deploy, and operate AI in the cloud, but basic cybersecurity hygiene is often sacrificed for speed, according to Orca Security’s 2026 State of AI Security Report. Building AI without security Fifty-six percent of AI adopters have deployed agent frameworks into

99.9% of fixable AI vulnerabilities remain unpatched Read More »

Enterprises are rethinking where their AI applications run

Enterprises are rethinking where their AI applications run 2026-07-13 at 07:00 By Anamarija Pogorelec Growing demand for compute capacity, power, cooling and low-latency connectivity is prompting organizations to reassess where AI applications run, according to CoreSite. Public cloud continues to support experimentation and rapid deployment, while colocation is increasingly used for workloads that require predictable

Enterprises are rethinking where their AI applications run Read More »

Only 28% of financial workforce MFA is phishing-resistant

Only 28% of financial workforce MFA is phishing-resistant 2026-07-10 at 08:41 By Anamarija Pogorelec Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Key challenges preventing universal implementation of phishing-resistant MFA (Source: Secret Double Octopus) Workforce

Only 28% of financial workforce MFA is phishing-resistant Read More »

Turning software supply chain security into a daily habit

Turning software supply chain security into a daily habit 2026-07-10 at 08:30 By Help Net Security In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every

Turning software supply chain security into a daily habit Read More »

Your coding agent says no in chat and yes in the code

Your coding agent says no in chat and yes in the code 2026-07-09 at 13:44 By Mirko Zorz Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own output across many turns. The safety testing that vets these

Your coding agent says no in chat and yes in the code Read More »

Malicious AI agent skills can slip past the scanners built to stop them

Malicious AI agent skills can slip past the scanners built to stop them 2026-07-09 at 10:24 By Sinisa Markovic Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English

Malicious AI agent skills can slip past the scanners built to stop them Read More »

Product showcase: Protect your iPhone with McAfee Mobile Security

Product showcase: Protect your iPhone with McAfee Mobile Security 2026-07-09 at 08:00 By Anamarija Pogorelec McAfee Mobile Security for iOS combines scam protection, web protection, VPN, Wi-Fi security, and device security checks in a single app. It is also available for Android. After downloading the app from the App Store, I created an account and

Product showcase: Protect your iPhone with McAfee Mobile Security Read More »

Wireshark 4.6.7 patches a dozen security flaws

Wireshark 4.6.7 patches a dozen security flaws 2026-07-09 at 07:45 By Anamarija Pogorelec Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can trip up the software. The 4.6.7 maintenance release closes twelve of those weak

Wireshark 4.6.7 patches a dozen security flaws Read More »

Inside the Underground Economy: 5 Dark Web Trends Shaping the 2026 Threat Landscape

Inside the Underground Economy: 5 Dark Web Trends Shaping the 2026 Threat Landscape 2026-07-08 at 12:47 By Ashish Khaitan The dark web is no longer just a hidden marketplace for stolen credentials; it has grown far beyond that point and now affects nearly every phase of the cyberattack lifecycle. Markets that once traded only compromised accounts now

Inside the Underground Economy: 5 Dark Web Trends Shaping the 2026 Threat Landscape Read More »

Thousands of malicious AI skills found capable of stealing data, running malware

Thousands of malicious AI skills found capable of stealing data, running malware 2026-07-08 at 12:00 By Anamarija Pogorelec AI agents can browse the web, use external tools, execute commands, and perform tasks on behalf of users. Many rely on skills that define how they interact with services and data. Malicious skills can abuse those capabilities

Thousands of malicious AI skills found capable of stealing data, running malware Read More »

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure 2026-07-08 at 09:00 By Mirko Zorz In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure Read More »

20 open-source cybersecurity tools to keep your team ready for anything

20 open-source cybersecurity tools to keep your team ready for anything 2026-07-08 at 08:30 By Anamarija Pogorelec AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent

20 open-source cybersecurity tools to keep your team ready for anything Read More »

Scroll to Top