Don’t miss

A privacy-first take on local malware analysis

2026-06-26 at 09:00, by Sinisa Markovic

Submitting a suspicious file to VirusTotal or MalwareBazaar places a copy of that file on a platform other people can search. Analysts across the industry rely on these services to get a quick verdict on whether a binary is dangerous. The convenience […]


Two CEOs on why security and AI readiness belong together

2026-06-26 at 08:30, by Mirko Zorz

SuperOps and Guardz are bundling PSA, RMM, MDM, and agentic SecOps into one offering for MSPs. In this Help Net Security Q&A, SuperOps CEO Arvind Parthiban and Guardz CEO Dor Eisner explain how a connected stack cuts the time


The uptime questions every engineering leader should ask this week

2026-06-25 at 09:30, by Mirko Zorz

In this interview with Help Net Security, Mattias Geniar, CTO at Oh Dear, explains why most outages start quietly, as creeping latency or a slow rise in errors. He argues teams alert on the wrong things: absolute numbers instead


LLM security advice looks solid until you check the hard cases

2026-06-25 at 09:00, by Anamarija Pogorelec

Plenty of people now type their security worries straight into a chatbot. A hacked account, a suspicious email, a stalker who might be tracking a phone, all of it lands in the same window someone would use to


Law enforcement hits StealC and Amadey malware networks

2026-06-24 at 18:05, by Zeljka Zorz

Operation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey.

[Image: The notice on disrupted websites (Source: Microsoft)]

While developed by separate criminal groups, those two


Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

2026-06-24 at 14:36, by Zeljka Zorz

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “Our honeypots are seeing automated sweeps dropping webshells, all


What the Fortibleed campaign means for organizations running FortiGate firewalls

2026-06-23 at 17:46, by Zeljka Zorz

A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given researchers an unusually detailed look at


A $1,400 experiment in AI security auditing outperformed OpenAI’s Codex Security

2026-06-23 at 08:30, by Mirko Zorz

A research team has built a system that teaches AI agents to hunt for software bugs by writing the audit method down as plain text. The system, called EVOHUNT, keeps the underlying AI model fixed and improves only


Residential proxy SDKs are hiding in LG and Samsung smart TV apps

2026-06-23 at 08:08, by Anamarija Pogorelec

Smart TVs in living rooms run small apps that show fish tanks, clocks, solitaire games, and slideshows of puppies. A share of those apps can also send other people’s internet traffic out through the home connection. Spur


23 ClawHub plugins squatting official scopes expose AI registry security gaps

2026-06-22 at 11:00, by Help Net Security

Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved


Who pays when you gate cyber-capable AI models?

2026-06-22 at 09:00, by Mirko Zorz

In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for


Agent Beacon: Open-source telemetry layer for AI agents

2026-06-22 at 08:30, by Mirko Zorz

AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for


Encrypted DNS still tells an eavesdropper where to look

2026-06-22 at 08:00, by Mirko Zorz

Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext


Klue breach leads to Salesforce data theft, Huntress affected

2026-06-19 at 15:57, by Zeljka Zorz

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18,


Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

2026-06-19 at 13:50, by Zeljka Zorz

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor


Your browser tab could become encrypted storage for someone else’s files

2026-06-19 at 08:30, by Mirko Zorz

Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC,


Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

2026-06-18 at 17:21, by Zeljka Zorz

SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly


74,000 Fortinet firewall credentials exposed in FortiBleed data leak

2026-06-18 at 15:10, by Zeljka Zorz

A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The data was accidentally exposed by the group on a server, along with other artifacts and tools,


GentleKiller targets more than 400 security processes across 48 products

2026-06-18 at 12:00, by Anamarija Pogorelec

Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR)
