cybersecurity

PentAGI: Open-source autonomous AI penetration testing system

AI, automation, cybersecurity, Don't miss, GitHub, LLMs, News, open source, penetration testing, software /

PentAGI: Open-source autonomous AI penetration testing system 2026-04-22 at 10:09 By Anamarija Pogorelec Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and […]

PentAGI: Open-source autonomous AI penetration testing system Read More »

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook

Banks, CISO, cybersecurity, data, Filigran, finance, fraud, News, report, security controls /

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook 2026-04-22 at 10:09 By Anamarija Pogorelec Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting financial institutions carried a financial motive, with data breaches accounting for

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook Read More »

Researchers build an encrypted routing layer for private AI inference

Artificial Intelligence, cybersecurity, Don't miss, Encryption, LLMs, News, research /

Researchers build an encrypted routing layer for private AI inference 2026-04-21 at 07:31 By Sinisa Markovic Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A cryptographic technique called Secure Multi-Party Computation (MPC) makes this possible. It splits data

Researchers build an encrypted routing layer for private AI inference Read More »

Threat Landscape March 2026: Ransomware Dominance, Access Brokers, Data Leaks, and Critical Exploitation Trends

cyber news, cybersecurity, data breach, Data leak, Ransomware, Threat Intelligence, Threat Landscape Reports, vulnerability /

Threat Landscape March 2026: Ransomware Dominance, Access Brokers, Data Leaks, and Critical Exploitation Trends 2026-04-20 at 14:37 By Mihir Bagwe Cyble Research & Intelligence Labs (CRIL) in its monthly threat landscape analysis observed a highly active threat environment throughout March 2026, shaped by large-scale ransomware campaigns, persistent data breach activity, growing initial access brokerage markets,

Threat Landscape March 2026: Ransomware Dominance, Access Brokers, Data Leaks, and Critical Exploitation Trends Read More »

Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards

agentic AI, Anthropic, Artificial Intelligence, cybersecurity, Don't miss, News /

Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards 2026-04-16 at 18:06 By Sinisa Markovic Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, is aimed squarely at that demand, with particular gains in software engineering, multimodal processing, and the

Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards Read More »

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug

cybercrime, cybersecurity, Data exfiltration, Don't miss, fraud, Malware, News, PowerShell, Proofpoint, Pulseway, SimpleHelp, social engineering /

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug 2026-04-16 at 13:34 By Mirko Zorz Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug Read More »

OpenAI updates Agents SDK, adds sandbox for safer code execution

Artificial Intelligence, cybersecurity, News, OpenAI /

OpenAI updates Agents SDK, adds sandbox for safer code execution 2026-04-16 at 12:11 By Anamarija Pogorelec OpenAI’s updated Agents SDK helps developers build agents that inspect files, run commands, edit code, and handle tasks within controlled sandbox environments. The update provides standardized infrastructure for OpenAI models, a model-native harness that lets agents work with files

OpenAI updates Agents SDK, adds sandbox for safer code execution Read More »

EU cybersecurity standards are at risk if supplier ban passes

cybersecurity, Don't miss, ENISA, ETSI, EU, Europe, European Commission, framework, News, opinion, standards /

EU cybersecurity standards are at risk if supplier ban passes 2026-04-16 at 10:16 By Mirko Zorz Today, the European standards body ETSI sent a formal position paper to the European Commission, calling for changes to the proposed Cybersecurity Act 2 (CSA2), the EU’s planned revision to its existing cybersecurity certification framework. The paper focuses on

EU cybersecurity standards are at risk if supplier ban passes Read More »

Command integrity breaks in the LLM routing layer

Artificial Intelligence, cybersecurity, LLMs, News, research /

Command integrity breaks in the LLM routing layer 2026-04-16 at 09:02 By Sinisa Markovic Systems that rely on LLM agents often send requests through intermediary routing services before reaching a model. These routers connect to different providers through a single endpoint and manage how requests are handled. This layer can influence what gets executed and

Command integrity breaks in the LLM routing layer Read More »

Wi-Fi roaming security practices for access network providers and identity providers

cybersecurity, networking, News, report, strategy, tips, wireless, Wireless Broadband Alliance /

Wi-Fi roaming security practices for access network providers and identity providers 2026-04-16 at 07:47 By Anamarija Pogorelec Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their security properties. The Wireless Broadband Alliance published a set of guidelines that specifies which authentication, encryption, and

Wi-Fi roaming security practices for access network providers and identity providers Read More »

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers

Artificial Intelligence, automation, cybersecurity, Don't miss, LLMs, News, OpenAI /

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers 2026-04-15 at 10:02 By Sinisa Markovic Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that

OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers Read More »

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time

CISO, CVE, cyber resilience, cybersecurity, Don't miss, ENISA, EU, Europe, Features, Hot stuff, MITRE, News, opinion, vulnerability disclosure /

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time 2026-04-15 at 10:02 By Mirko Zorz In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time Read More »

The exploit gap is closing, and your patch cycle wasn’t built for this

Anthropic, Artificial Intelligence, CISO, Cloud Security Alliance, cyber risk, cybersecurity, Don't miss, Hot stuff, how-to, News, opinion, report, Risk Management, strategy, tips /

The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers

The exploit gap is closing, and your patch cycle wasn’t built for this Read More »

Microsoft ends desktop detour for sensitivity labels in Office web apps

cybersecurity, Microsoft, News, Office /

Microsoft ends desktop detour for sensitivity labels in Office web apps 2026-04-15 at 01:42 By Sinisa Markovic Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. Specifying users in the Permissions dialog (Source: Microsoft) Users can now apply sensitivity

Microsoft ends desktop detour for sensitivity labels in Office web apps Read More »

Testing reveals Claude Mythos’s offensive capabilities and limits

AI, Anthropic, Artificial Intelligence, Cloud Security Alliance, cybersecurity, Don't miss, enterprise, Hot stuff, News, security testing, SMBs, tips /

Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that

Testing reveals Claude Mythos’s offensive capabilities and limits Read More »

AI adoption is outpacing the safeguards around it

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, Incident Response, News, report, Risk Management /

AI adoption is outpacing the safeguards around it 2026-04-14 at 12:59 By Anamarija Pogorelec AI is becoming part of professional and private life, reaching mainstream adoption faster than the personal computer or the internet. These systems are tested in reasoning, safety, and real-world tasks, but the reliability of those measurements remains uncertain. The 2026 AI

AI adoption is outpacing the safeguards around it Read More »

Review: The Psychology of Information Security

Compliance, cyber risk, cybersecurity, Don't miss, News, opinion, Review, Reviews, Risk Management /

Review: The Psychology of Information Security 2026-04-14 at 09:15 By Mirko Zorz Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from organizational psychology, change

Review: The Psychology of Information Security Read More »

Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready

agentic AI, Artificial Intelligence, Cisco, Claude Code, cybersecurity, Don't miss, Features, Hot stuff, News, opinion /

Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready 2026-04-14 at 09:15 By Mirko Zorz In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an attack surface. Habler walks through MemoryTrap, a disclosed

Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready Read More »

29 million leaked secrets in 2025: Why AI agents credentials are out of control

Artificial Intelligence, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, GitGuardian, Hot stuff, News, opinion /

29 million leaked secrets in 2025: Why AI agents credentials are out of control 2026-04-14 at 08:11 By Help Net Security AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most

29 million leaked secrets in 2025: Why AI agents credentials are out of control Read More »

Zero trust at year two: What nobody planned for

CISO, cybersecurity, News, Oleria, strategy, tips, Video, zero trust /

Zero trust at year two: What nobody planned for 2026-04-14 at 08:11 By Help Net Security In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the

Zero trust at year two: What nobody planned for Read More »

Scroll to Top