Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

2026-03-20 at 11:44 By Zeljka Zorz

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication.

About CVE-2026-3564

The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution […]

DarkSword: Researchers uncover another iOS exploit kit

2026-03-19 at 16:54 By Zeljka Zorz

A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared.

iOS vulnerabilities exploited by DarkSword

Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify disclosed the

CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)

2026-03-19 at 13:32 By Zeljka Zorz

CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities

AI got it wrong with high confidence. Now what?

2026-03-19 at 09:02 By Mirko Zorz

In this Help Net Security interview, Christian Debes, Head of Data Analytics & AI at SPRYFOX, talks about the growing gap between what AI models do and what their operators can explain. He argues this gap is already a liability,

Betterleaks: Open-source secrets scanner

2026-03-19 at 09:02 By Anamarija Pogorelec

Secrets scanning has become standard practice across engineering organizations, and Gitleaks has been one of the most widely used tools in that space. The author of that project has now released a new tool called Betterleaks, which is designed to scan git repositories, directories, and

Stop building security goals around controls

2026-03-18 at 09:27 By Mirko Zorz

In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present risk in terms

What to do in the first 24 hours of a breach

2026-03-17 at 07:59 By Help Net Security

In this Help Net Security video, Arvind Parthasarathi, CEO of CYGNVS, walks through a 10-step process for handling a cybersecurity breach. The first five steps cover preparation: setting up an out-of-band communication platform, identifying internal stakeholders, selecting

Certificate lifespans are shrinking and most organizations aren’t ready

2026-03-16 at 08:32 By Mirko Zorz

The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates,

What smart factories keep getting wrong about cybersecurity

2026-03-16 at 08:24 By Mirko Zorz

In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often go

VulHunt: Open-source vulnerability detection framework

2026-03-16 at 07:40 By Anamarija Pogorelec

Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners.

What VulHunt does

VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against multiple binary representations simultaneously,

AI coding agents keep repeating decade-old security mistakes

2026-03-13 at 08:01 By Anamarija Pogorelec

Coding agents are now writing production features on real development teams, and a new report from DryRun Security shows that those agents introduce security vulnerabilities at a high rate across nearly every type of application they build. “AI coding agents can

Passwords, MFA, and why neither is enough

2026-03-13 at 07:37 By Help Net Security

Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each layer of identity security has failed and what comes next. SMS codes can be

Stop fixing OT security with IT thinking

2026-03-12 at 08:35 By Mirko Zorz

In this Help Net Security interview, Ejona Preçi, Group CISO at Lindal Group, discusses the specific cybersecurity challenges in manufacturing environments. The conversation covers why standard IT security practices break down on shop floors, where PLCs and decade-old firmware were never designed

Does Anthropic deserve the trust of the cybersecurity community?

2026-03-12 at 08:35 By Help Net Security

The cybersecurity industry runs on trust. The belief that when a vendor says they will behave a certain way, they will, that critical CVEs are in fact critical, or when companies say they’re GDPR compliant, they really are. But

Agentic attack chains advance as infostealers flood criminal markets

2026-03-12 at 08:35 By Mirko Zorz

Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data collected from criminal forums, illicit marketplaces, and underground chat services shows a threat environment where

ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites

2026-03-11 at 20:28 By Zeljka Zorz

Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims.

Attackers modified and abused benign tool

On Saturday, Salesforce confirmed that its security team has identified an attack campaign by

Researchers uncover AI-powered vishing platform

2026-03-11 at 20:28 By Zeljka Zorz

A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice technology company ElevenLabs, Mirage Security researchers claim.

How “press 1” vishing scams work

For “press 1” scams, fraudsters spoof phone numbers of trusted

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited

2026-03-11 at 12:31 By Zeljka Zorz

On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively exploited.

Privilege escalation vulnerabilities abound

The two publicly disclosed flaws are CVE-2026-21262, a

Zero trust, zero buzzwords: Here’s what it means

2026-03-11 at 09:21 By Help Net Security

In this Help Net Security video, Murat Balaban, CEO of Zenarmor, breaks down zero trust and zero trust network access (ZTNA) without the buzzwords. The video covers why this approach matters, including the risk of lateral movement after a breach
