Don’t miss

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited

Don't miss, Hot stuff, Immersive, Microsoft, MS Office, MS SQL Server, NCSC-NL, News, Outlook, Rapid7, security update, Trend Micro, vulnerability, Windows /

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited 2026-03-11 at 12:31 By Zeljka Zorz On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively exploited. Privilege escalation vulnerabilities abound The two publicly disclosed flaws are CVE-2026-21262, a […]

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited Read More »

Zero trust, zero buzzwords: Here’s what it means

cybersecurity, Don't miss, News, strategy, tips, Video, VPN, Zenarmor, zero trust /

Zero trust, zero buzzwords: Here’s what it means 2026-03-11 at 09:21 By Help Net Security In this Help Net Security video, Murat Balaban, CEO of Zenarmor, breaks down zero trust and zero trust network access (ZTNA) without the buzzwords. The video covers why this approach matters, including the risk of lateral movement after a breach

Zero trust, zero buzzwords: Here’s what it means Read More »

Cloud-audit: Fast, open-source AWS security scanner

AWS, cloud security, Don't miss, GitHub, Hot stuff, News, scanner, software /

Cloud-audit: Fast, open-source AWS security scanner 2026-03-11 at 09:21 By Mirko Zorz Running AWS security audits without a dedicated security team typically means choosing between enterprise platforms with per-check billing and generic open-source scanners that produce findings with no remediation guidance. Cloud-audit, a Python CLI tool published on GitHub by Mariusz Gebala, takes a narrower

Cloud-audit: Fast, open-source AWS security scanner Read More »

HR, recruiters targeted in year-long malware campaign

Aryaka, Don't miss, Hot stuff, Human Resources, Malware, News, phishing, social engineering /

HR, recruiters targeted in year-long malware campaign 2026-03-10 at 15:39 By Zeljka Zorz An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have

HR, recruiters targeted in year-long malware campaign Read More »

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming

CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, travel industry /

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming 2026-03-10 at 08:30 By Mirko Zorz Pascal Andrei, CSO at Airbus, knows that the aerospace and defense sector is facing a threat environment that is evolving faster than most organizations can track. From sub-tier suppliers quietly becoming entry points for

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming Read More »

The people behind cyber extortion are often in their forties

cybercrime, cybersecurity, Don't miss, News, Orange Cyberdefense, report /

The people behind cyber extortion are often in their forties 2026-03-10 at 08:00 By Anamarija Pogorelec Many cybercrime investigations end with arrests or indictments that reveal little about the people behind the operations. When authorities do disclose demographic details, the pattern that emerges does not match the common assumption that cyber offenders are mostly very

The people behind cyber extortion are often in their forties Read More »

Fake Claude Code install pages highlight rise of “InstallFix” attacks

Anthropic, Claude Code, Don't miss, Google Search, Hot stuff, malvertising, News, programming, Push Security, social engineering, software development /

Fake Claude Code install pages highlight rise of “InstallFix” attacks 2026-03-09 at 12:58 By Zeljka Zorz Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers have warned. The attackers behind this scheme are faithfully cloning Anthropic’s installation page, hosting

Fake Claude Code install pages highlight rise of “InstallFix” attacks Read More »

Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity

CISO, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, resilience, strategy, ThriveDX, tips /

Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity 2026-03-09 at 09:01 By Mirko Zorz Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize

Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity Read More »

Turning expertise into opportunity for women in cybersecurity

conferences, Don't miss, Features, Hot stuff, News /

Turning expertise into opportunity for women in cybersecurity 2026-03-09 at 08:32 By Mirko Zorz Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women represent millions of qualified professionals in the field. SheSpeaksCyber,

Turning expertise into opportunity for women in cybersecurity Read More »

Open-source tool Sage puts a security layer between AI agents and the OS

agentic AI, cybersecurity, Don't miss, Gen Digital, GitHub, Hot stuff, News, open source, software /

Open-source tool Sage puts a security layer between AI agents and the OS 2026-03-09 at 08:06 By Anamarija Pogorelec Autonomous AI agents running on developer workstations execute shell commands, fetch URLs, and write files with little or no inspection of what they are doing. Open-source project Sage inserts an interception layer between an AI agent

Open-source tool Sage puts a security layer between AI agents and the OS Read More »

Iran-linked APT targets US critical sectors with new backdoors

APT, backdoor, Carbon Black, Ctrl-Alt-Intel, cyber espionage, Don't miss, Hot stuff, Iran, Israel, News, Symantec, USA /

Iran-linked APT targets US critical sectors with new backdoors 2026-03-06 at 15:56 By Zeljka Zorz An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East. New backdoors used by

Iran-linked APT targets US critical sectors with new backdoors Read More »

March 2026 Patch Tuesday forecast: Is AI security an oxymoron?

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

March 2026 Patch Tuesday forecast: Is AI security an oxymoron? 2026-03-06 at 10:47 By Help Net Security Developers and analysts are using more AI tools to produce code and to test both the performance and security of the finished products. They are also embedding AI functionality in their products directly. But just how secure are

March 2026 Patch Tuesday forecast: Is AI security an oxymoron? Read More »

Backup strategies are working, and ransomware gangs are responding with data theft

Coalition, cybercrime, cybersecurity, Don't miss, News, report /

Backup strategies are working, and ransomware gangs are responding with data theft 2026-03-06 at 09:18 By Sinisa Markovic Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than 100,000 policyholders across the United States, Canada, the United Kingdom,

Backup strategies are working, and ransomware gangs are responding with data theft Read More »

Why phishing still works today

attacks, cybersecurity, Don't miss, News, opinion, phishing, Terra Security, tips, Video /

Why phishing still works today 2026-03-06 at 08:30 By Help Net Security In this Help Net Security video, Gal Livschitz, Senior Penetration Tester at Terra Security, explains how phishing has evolved and why employees still fall for it. He outlines how phishing now uses HTTPS, branded pages, and lookalike domains, making attacks harder to spot.

Why phishing still works today Read More »

What happens when AI teams compete against human hackers

Artificial Intelligence, automation, CTF, cybersecurity, Don't miss, Hack The Box, News, penetration testing, report /

What happens when AI teams compete against human hackers 2026-03-06 at 07:58 By Anamarija Pogorelec A cybersecurity competition produced what may be the largest controlled dataset comparing AI-augmented teams to human-only teams on professional-grade offensive security tasks. The event, called NeuroGrid, ran for 72 hours on the Hack The Box platform and drew 1,337 registered

What happens when AI teams compete against human hackers Read More »

Cisco warns of SD-WAN Manager exploitation, fixes 48 firewall vulnerabilities

Cisco, Don't miss, firewall, Hot stuff, News, SD-WAN, vulnerability /

Cisco warns of SD-WAN Manager exploitation, fixes 48 firewall vulnerabilities 2026-03-05 at 15:59 By Zeljka Zorz Cisco has confirmed that two Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20128 and CVE-2026-20122) patched in late February 2025 are being exploited by attackers. The exploited vulnerabilities (CVE-2026-20128, CVE-2026-20122) CVE-2026-20128 is a bug in the Data Collection Agent (DCA) feature of

Cisco warns of SD-WAN Manager exploitation, fixes 48 firewall vulnerabilities Read More »

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)

CVE, Don't miss, exploit, FreeScout, Hot stuff, News, open source, Ox Security, PoC, security update, vulnerability /

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) 2026-03-05 at 14:27 By Zeljka Zorz A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. CVE-2026-28289 exploitation FreeScout is a free, open-source help desk and

FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289) Read More »

As AI agents start making purchases, security teams must rethink risk

agentic AI, Chargebacks911, Don't miss, enterprise, Features, fraud, Hot stuff, News, Privacy, procurement, risk /

As AI agents start making purchases, security teams must rethink risk 2026-03-05 at 08:17 By Zeljka Zorz In this Help Net Security interview, Donald Kossmann, CTO at fintech company Chargebacks911, talks about the emerging security, fraud, and governance risks of “agentic commerce,” where AI agents can autonomously make purchasing decisions on behalf of users or

As AI agents start making purchases, security teams must rethink risk Read More »

Engineering trust: A security blueprint for autonomous AI agents

agentic AI, Artificial Intelligence, cybersecurity, Don't miss, framework, Google, Hot stuff, LLMs, News, opinion /

Engineering trust: A security blueprint for autonomous AI agents 2026-03-05 at 07:06 By Help Net Security AI agents have evolved from just chatbots, answering questions to executing actions using various integrated tools, often autonomously, and as such the traditional security models have become less efficient. I have seen that firsthand as a security lead for

Engineering trust: A security blueprint for autonomous AI agents Read More »

Scroll to Top