cybersecurity

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug 2026-04-16 at 13:34 By Mirko Zorz Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more […]

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug Read More »

OpenAI updates Agents SDK, adds sandbox for safer code execution

OpenAI updates Agents SDK, adds sandbox for safer code execution 2026-04-16 at 12:11 By Anamarija Pogorelec OpenAI’s updated Agents SDK helps developers build agents that inspect files, run commands, edit code, and handle tasks within controlled sandbox environments. The update provides standardized infrastructure for OpenAI models, a model-native harness that lets agents work with files

OpenAI updates Agents SDK, adds sandbox for safer code execution Read More »

EU cybersecurity standards are at risk if supplier ban passes

EU cybersecurity standards are at risk if supplier ban passes 2026-04-16 at 10:16 By Mirko Zorz Today, the European standards body ETSI sent a formal position paper to the European Commission, calling for changes to the proposed Cybersecurity Act 2 (CSA2), the EU’s planned revision to its existing cybersecurity certification framework. The paper focuses on

EU cybersecurity standards are at risk if supplier ban passes Read More »

Command integrity breaks in the LLM routing layer

Command integrity breaks in the LLM routing layer 2026-04-16 at 09:02 By Sinisa Markovic Systems that rely on LLM agents often send requests through intermediary routing services before reaching a model. These routers connect to different providers through a single endpoint and manage how requests are handled. This layer can influence what gets executed and

Command integrity breaks in the LLM routing layer Read More »

Wi-Fi roaming security practices for access network providers and identity providers

Wi-Fi roaming security practices for access network providers and identity providers 2026-04-16 at 07:47 By Anamarija Pogorelec Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their security properties. The Wireless Broadband Alliance published a set of guidelines that specifies which authentication, encryption, and

Wi-Fi roaming security practices for access network providers and identity providers Read More »

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers 2026-04-15 at 10:02 By Sinisa Markovic Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers Read More »

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time 2026-04-15 at 10:02 By Mirko Zorz In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time Read More »

The exploit gap is closing, and your patch cycle wasn’t built for this

The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers

The exploit gap is closing, and your patch cycle wasn’t built for this Read More »

Microsoft ends desktop detour for sensitivity labels in Office web apps

Microsoft ends desktop detour for sensitivity labels in Office web apps 2026-04-15 at 01:42 By Sinisa Markovic Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. Specifying users in the Permissions dialog (Source: Microsoft) Users can now apply sensitivity

Microsoft ends desktop detour for sensitivity labels in Office web apps Read More »

Testing reveals Claude Mythos’s offensive capabilities and limits

Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that

Testing reveals Claude Mythos’s offensive capabilities and limits Read More »

AI adoption is outpacing the safeguards around it

AI adoption is outpacing the safeguards around it 2026-04-14 at 12:59 By Anamarija Pogorelec AI is becoming part of professional and private life, reaching mainstream adoption faster than the personal computer or the internet. These systems are tested in reasoning, safety, and real-world tasks, but the reliability of those measurements remains uncertain. The 2026 AI

AI adoption is outpacing the safeguards around it Read More »

Review: The Psychology of Information Security

Review: The Psychology of Information Security 2026-04-14 at 09:15 By Mirko Zorz Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from organizational psychology, change

Review: The Psychology of Information Security Read More »

Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready

Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready 2026-04-14 at 09:15 By Mirko Zorz In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an attack surface. Habler walks through MemoryTrap, a disclosed

Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready Read More »

29 million leaked secrets in 2025: Why AI agents credentials are out of control

29 million leaked secrets in 2025: Why AI agents credentials are out of control 2026-04-14 at 08:11 By Help Net Security AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most

29 million leaked secrets in 2025: Why AI agents credentials are out of control Read More »

Zero trust at year two: What nobody planned for

Zero trust at year two: What nobody planned for 2026-04-14 at 08:11 By Help Net Security In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the

Zero trust at year two: What nobody planned for Read More »

Black Hat Asia 2026 Is Coming to Singapore — Here’s What the Threat Landscape Looks Like Ahead of It

Black Hat Asia 2026 Is Coming to Singapore — Here’s What the Threat Landscape Looks Like Ahead of It 2026-04-13 at 16:17 By Ashish Khaitan As the cybersecurity community prepares for Black Hat Asia 2026 Singapore, the conversation is shifting from isolated incidents to systemic risk. The Black Hat Asia 2026 conference arrives at a

Black Hat Asia 2026 Is Coming to Singapore — Here’s What the Threat Landscape Looks Like Ahead of It Read More »

Google makes it harder to exploit Pixel 10 modem firmware

Google makes it harder to exploit Pixel 10 modem firmware 2026-04-13 at 15:44 By Sinisa Markovic Google is working to improve the security of Pixel phones by focusing on the cellular baseband modem, a part of the device that handles communication with mobile networks and processes external data. In the Pixel 9, the company introduced

Google makes it harder to exploit Pixel 10 modem firmware Read More »

Seized VerifTools servers expose 915,655 fake IDs, 8 arrested

Seized VerifTools servers expose 915,655 fake IDs, 8 arrested 2026-04-13 at 13:22 By Anamarija Pogorelec On April 7 and 8, Dutch police arrested eight suspects in a nationwide operation targeting users of the VerifTools platform as part of an identity fraud investigation. The suspects, all men aged 20 to 34, are accused of identity fraud,

Seized VerifTools servers expose 915,655 fake IDs, 8 arrested Read More »

Fixing vulnerability data quality requires fixing the architecture first

Fixing vulnerability data quality requires fixing the architecture first 2026-04-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce

Fixing vulnerability data quality requires fixing the architecture first Read More »

Bringing governance and visibility to machine and AI identities

Bringing governance and visibility to machine and AI identities 2026-04-13 at 07:32 By Mirko Zorz In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a single problem. Drawing on his experience across IBM and

Bringing governance and visibility to machine and AI identities Read More »

Scroll to Top