cybersecurity

A nearly undetectable LLM attack needs only a handful of poisoned samples

Artificial Intelligence, attacks, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, research /

A nearly undetectable LLM attack needs only a handful of poisoned samples 2026-03-26 at 12:32 By Mirko Zorz Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack […]

A nearly undetectable LLM attack needs only a handful of poisoned samples Read More »

Google races to secure encryption before quantum threats arrive

Android, cybersecurity, Google, News, public-key cryptography, quantum computing /

Google races to secure encryption before quantum threats arrive 2026-03-26 at 12:07 By Sinisa Markovic Google is preparing for the quantum era, a turning point in digital security, with a 2029 timeline for post-quantum cryptography (PQC) migration. Security professionals warn that current encryption could be broken by large-scale quantum computers in the coming years. This

Google races to secure encryption before quantum threats arrive Read More »

Who owns AI agent access? At most companies, nobody knows

agentic AI, Artificial Intelligence, CISO, Cloud Security Alliance, cybersecurity, News, report, RSAC 2026 /

Who owns AI agent access? At most companies, nobody knows 2026-03-26 at 07:12 By Anamarija Pogorelec AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A January 2026 survey of 228 IT and security professionals, conducted by the Cloud Security

Who owns AI agent access? At most companies, nobody knows Read More »

Gemini picks up criminal activity buried in dark web noise

Artificial Intelligence, cybersecurity, dark web, Google, News, RSAC 2026 /

Gemini picks up criminal activity buried in dark web noise 2026-03-25 at 15:07 By Sinisa Markovic To help teams make faster and more accurate decisions on emerging threats, Google has introduced a dark web intelligence capability in Google Threat Intelligence. Powered by Gemini, the feature analyzes millions of dark web events each day and surfaces

Gemini picks up criminal activity buried in dark web noise Read More »

Why your phishing simulations aren’t building a security culture

cyber resilience, cyber risk, cybersecurity, Don't miss, Immersive, News, phishing, Risk Management, security culture, skill development, strategy, tips, Video /

Why your phishing simulations aren’t building a security culture 2026-03-25 at 08:07 By Help Net Security Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing

Why your phishing simulations aren’t building a security culture Read More »

Your security stack looks fine from the dashboard and that’s the problem

Absolute, CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, endpoint management, enterprise, generative AI, News, report, Risk Management, RSAC 2026 /

Your security stack looks fine from the dashboard and that’s the problem 2026-03-25 at 08:07 By Anamarija Pogorelec One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience

Your security stack looks fine from the dashboard and that’s the problem Read More »

The AI safety conversation is focused on the wrong layer

agentic AI, Artificial Intelligence, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, RSAC 2026, strategy, Teleport /

The AI safety conversation is focused on the wrong layer 2026-03-24 at 16:30 By Mirko Zorz Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that fragmentation was manageable. Humans log in, log out, and make decisions slowly enough that gaps

The AI safety conversation is focused on the wrong layer Read More »

Quantum threats are already active and the defense response remains fragmented

CISO, cybersecurity, Don't miss, Encryption, Features, Hot stuff, News, pQCee, quantum computing, RSAC 2026, strategy /

Quantum threats are already active and the defense response remains fragmented 2026-03-23 at 17:17 By Mirko Zorz Enterprises are moving toward post-quantum security at uneven speeds, and the gap between organizations that have built crypto-agility into their infrastructure and those that have adopted the label without the underlying capability is widening. Dr. Tan Teik Guan,

Quantum threats are already active and the defense response remains fragmented Read More »

The devices winning the race to get hacked in 2026

cyber risk, cybersecurity, Forescout, hardware, Internet of Things, News, report, survey /

The devices winning the race to get hacked in 2026 2026-03-23 at 17:17 By Sinisa Markovic Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, secure, and patch consistently. (Source: Forescout) Forescout’s 2026 Riskiest Devices research maps that

The devices winning the race to get hacked in 2026 Read More »

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps

Aurigo Software Technologies, cybersecurity, Don't miss, GitHub, GitLab, News, open source, scanner, software /

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps 2026-03-23 at 09:18 By Anamarija Pogorelec GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go missing. An open-source tool called Plumber automates the detection of

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps Read More »

Your AI agents are moving sensitive data. Do you know where?

agentic AI, Artificial Intelligence, Bonfy.AI, CISO, CXO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, RSAC 2026, strategy, threat modeling /

Your AI agents are moving sensitive data. Do you know where? 2026-03-23 at 09:18 By Mirko Zorz In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry focuses on prompt injection and model behavior, Cohen argues

Your AI agents are moving sensitive data. Do you know where? Read More »

NIST updates its DNS security guidance for the first time in over a decade

cybersecurity, DNS, DNSSEC, Don't miss, how-to, Infoblox, News, NIST, security standard /

NIST updates its DNS security guidance for the first time in over a decade 2026-03-23 at 09:18 By Mirko Zorz DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure

NIST updates its DNS security guidance for the first time in over a decade Read More »

Secure endpoint management systems immediately, CISA urges

CISA, cybersecurity, endpoint management, Endpoint Security, Government, Microsoft, News, USA /

Secure endpoint management systems immediately, CISA urges 2026-03-19 at 14:59 By Sinisa Markovic The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the cyberattack on Stryker Corporation serves as a signal to U.S. organizations that foreign cyber activity tied to Middle East conflicts may be spilling into their operations. Attackers breached Stryker’s internal Microsoft

Secure endpoint management systems immediately, CISA urges Read More »

Inside Russia’s Shift to Credential-Based Intrusions: What CISOs Need to Know in 2026

cyber news, cybersecurity, Dark Web Monitoring, darkweb, EU, Ransomware, Ransomware Insights /

Inside Russia’s Shift to Credential-Based Intrusions: What CISOs Need to Know in 2026 2026-03-19 at 13:32 By Ashish Khaitan Russia-linked hacktivist activity has entered a noticeably different phase. While earlier campaigns leaned heavily on disruption through denial-of-service and opportunistic scanning of exposed systems, the current trajectory shows a stronger dependence on credential-based intrusions and identity-based cyber attacks. For security leaders,

Inside Russia’s Shift to Credential-Based Intrusions: What CISOs Need to Know in 2026 Read More »

Your APIs are under siege, and attackers are just getting warmed up

Akamai, API security, cybersecurity, Data Protection, News, report /

Your APIs are under siege, and attackers are just getting warmed up 2026-03-19 at 07:21 By Anamarija Pogorelec Internet-facing systems are handling sustained levels of malicious traffic across APIs, web applications, and DDoS channels. Akamai’s State of the Internet security report places these patterns within the same operating environment, with activity increasing across each area

Your APIs are under siege, and attackers are just getting warmed up Read More »

Apple starts issuing lightweight security updates between software releases

apple, cybersecurity, iOS, News, update /

Apple starts issuing lightweight security updates between software releases 2026-03-18 at 13:32 By Sinisa Markovic Apple is delivering small security updates, called Background Security Improvements, starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. Apple describes Background Security Improvements as lightweight security releases for components such as Safari, the WebKit framework, and other system libraries,

Apple starts issuing lightweight security updates between software releases Read More »

Major tech companies invest $12.5 million in open source security

Anthropic, Artificial Intelligence, AWS, cybersecurity, GitHub, Google, Microsoft, News, open source, OpenAI, OpenSSF, The Linux Foundation /

Major tech companies invest $12.5 million in open source security 2026-03-18 at 11:31 By Sinisa Markovic The Linux Foundation announced $12.5 million in grant funding backed by Anthropic, AWS, GitHub, Google, Google DeepMind, Microsoft, and OpenAI to strengthen open source security. The funding will be directed through the foundation’s Alpha-Omega Project and the Open Source

Major tech companies invest $12.5 million in open source security Read More »

Stop building security goals around controls

CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, security metrics, security ROI, strategy /

Stop building security goals around controls 2026-03-18 at 09:27 By Mirko Zorz In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present risk in terms

Stop building security goals around controls Read More »

EU sanctions Chinese company behind 65,000-device hack

China, cyberattacks, cybersecurity, EU, Government, Iran, News /

EU sanctions Chinese company behind 65,000-device hack 2026-03-17 at 14:26 By Sinisa Markovic The EU Council has sanctioned companies from China and Iran, along with two individuals, over cyberattacks targeting its member states and partners. “Those listed are subject to an asset freeze, while EU citizens and companies are prohibited from providing them with funds

EU sanctions Chinese company behind 65,000-device hack Read More »

Scroll to Top