Don’t miss

Engineering trust: A security blueprint for autonomous AI agents

agentic AI, Artificial Intelligence, cybersecurity, Don't miss, framework, Google, Hot stuff, LLMs, News, opinion /

Engineering trust: A security blueprint for autonomous AI agents 2026-03-05 at 07:06 By Help Net Security AI agents have evolved from just chatbots, answering questions to executing actions using various integrated tools, often autonomously, and as such the traditional security models have become less efficient. I have seen that firsthand as a security lead for […]

Engineering trust: A security blueprint for autonomous AI agents Read More »

Webinar: The True State of Security 2026

Don't miss, News, Storyblok, Whitepapers and webinars /

Webinar: The True State of Security 2026 2026-03-04 at 16:00 By Help Net Security AI has become the most popular scapegoat in security. While the risk is real, the obsession is costly. Most security failures don’t start with AI. They start with people, access, and security workflows that don’t scale. This webinar aims to reframe

Webinar: The True State of Security 2026 Read More »

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)

CVE, Don't miss, enterprise, Hot stuff, IceWarp, News, security update, Shadowserver, SMBs, vulnerability /

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) 2026-03-04 at 15:57 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing

Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500) Read More »

Cybersecurity professionals are burning out on extra hours every week

burnout, CISO, cybersecurity, Don't miss, News, security ROI, Seemplicity, skill development /

Cybersecurity professionals are burning out on extra hours every week 2026-03-04 at 08:30 By Mirko Zorz Cybersecurity professionals in the U.S. are working an average of 10.8 extra hours per week beyond their contracted schedules, according to survey data collected from 300 cybersecurity and IT leaders by Sapio Research. That figure effectively adds a sixth

Cybersecurity professionals are burning out on extra hours every week Read More »

mquire: Open-source Linux memory forensics tool

computer forensics, cybersecurity, Don't miss, Incident Response, Linux, News, open source, rootkits, software, Trail of Bits /

mquire: Open-source Linux memory forensics tool 2026-03-04 at 08:22 By Anamarija Pogorelec Linux memory forensics has long depended on debug symbols tied to specific kernel versions. These symbols are not installed on production systems by default, and sourcing them from external repositories creates a recurring problem: repositories go stale, kernel builds diverge, and analysts working

mquire: Open-source Linux memory forensics tool Read More »

Why workforce identity is still a vulnerability, and what to do about it

1Kosmos, auditing, authentication, cybersecurity, Don't miss, Hot stuff, identity management, identity verification, News, opinion /

Why workforce identity is still a vulnerability, and what to do about it 2026-03-04 at 07:43 By Help Net Security Most organizations believe they have workforce identity under control. New hires are verified. Accounts are provisioned. Multi-factor authentication is enforced. Audits are passed. Then a breach happens, often through an account that was “properly secured.”

Why workforce identity is still a vulnerability, and what to do about it Read More »

Cybersecurity is now the price of admission for industrial AI

Artificial Intelligence, Cisco, critical infrastructure, cybersecurity, Don't miss, ICS/SCADA, News, report /

Cybersecurity is now the price of admission for industrial AI 2026-03-04 at 07:17 By Mirko Zorz Industrial organizations are accelerating AI deployment across manufacturing, utilities, and transportation and running straight into a security problem. Cisco’s 2026 State of Industrial AI Report, based on responses from more than 1,000 decision-makers across 19 countries, finds that cybersecurity

Cybersecurity is now the price of admission for industrial AI Read More »

Coruna: Spy-grade iOS exploit kit powering financial crime

CVE, cyber espionage, cybercrime, Don't miss, exploit kit, Google, Hot stuff, iOS, Mandiant, News, surveillance, vulnerability /

Coruna: Spy-grade iOS exploit kit powering financial crime 2026-03-03 at 21:02 By Zeljka Zorz A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, ended into the hands of financially motivated hackers, according to new research from Google’s

Coruna: Spy-grade iOS exploit kit powering financial crime Read More »

Cloudflare tracked 230 billion daily threats and here is what it found

attacks, CISO, Cloudflare, cyber risk, cybercrime, cybersecurity, Don't miss, News, report, threats /

Cloudflare tracked 230 billion daily threats and here is what it found 2026-03-03 at 19:46 By Anamarija Pogorelec Cloudflare’s network blocks over 230 billion threats per day. The volume indicates how routine and automated the attack cycle has become, and the patterns behind that volume point to a shift in how breaches begin and progress.

Cloudflare tracked 230 billion daily threats and here is what it found Read More »

Threat actors weaponize OAuth redirection logic to deliver malware

Don't miss, Government, Hot stuff, Malware, Microsoft, News, OAuth, phishing, public sector, social engineering /

Threat actors weaponize OAuth redirection logic to deliver malware 2026-03-03 at 19:46 By Zeljka Zorz An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to

Threat actors weaponize OAuth redirection logic to deliver malware Read More »

Secure by Design: Building security in at the beginning

Center for Internet Security, Don't miss, Hot stuff, News, Whitepapers and webinars /

Secure by Design: Building security in at the beginning 2026-03-03 at 16:16 By Help Net Security Secure by Design is not a single tool, product, or one‑time activity. It is a holistic approach that requires security to be deliberately embedded from the very beginning, at the point where systems, software, and services are conceived and

Secure by Design: Building security in at the beginning Read More »

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation

Android, Don't miss, Hot stuff, News, patch, Qualcomm, security update /

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation 2026-03-03 at 13:58 By Anamarija Pogorelec The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch level of 2026-03-05 or later receive fixes for all disclosed issues. Android

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation Read More »

AI went from assistant to autonomous actor and security never caught up

1Password, agentic AI, Artificial Intelligence, CISO, Databricks, Don't miss, Elastic, enterprise, Features, Hot stuff, MIT, News /

AI went from assistant to autonomous actor and security never caught up 2026-03-03 at 08:35 By Mirko Zorz Enterprise AI deployments have shifted from pilot programs to production systems handling customer data, executing business transactions, and integrating with core infrastructure. That has exposed a significant gap between what AI agents can do and what security

AI went from assistant to autonomous actor and security never caught up Read More »

Your dependencies are 278 days out of date and your pipelines aren’t protected

CISO, cyber risk, cybersecurity, Datadog, DevSecOps, Don't miss, News, report, survey /

Your dependencies are 278 days out of date and your pipelines aren’t protected 2026-03-02 at 09:00 By Mirko Zorz Applications continue to ship with known weaknesses even as development workflows speed up. A new Datadog State of DevSecOps 2026 report examines how dependency management and pipeline practices are influencing exposure across cloud native environments. Across

Your dependencies are 278 days out of date and your pipelines aren’t protected Read More »

Security debt is becoming a governance issue for CISOs

CISO, cyber risk, cybersecurity, Don't miss, News, report, Risk Management, Veracode /

Security debt is becoming a governance issue for CISOs 2026-03-02 at 08:30 By Mirko Zorz Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles. 2026 findings against the 2025 baseline

Security debt is becoming a governance issue for CISOs Read More »

BlacksmithAI: Open-source AI-powered penetration testing framework

Artificial Intelligence, automation, Don't miss, framework, Hot stuff, News, open source, penetration testing, red team, software /

BlacksmithAI: Open-source AI-powered penetration testing framework 2026-03-02 at 08:00 By Mirko Zorz BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent structure for offensive workflows BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents.

BlacksmithAI: Open-source AI-powered penetration testing framework Read More »

When cyber threats start thinking for themselves

agentic AI, Artificial Intelligence, Don't miss, News, opinion, SimSpace, tips, Video /

When cyber threats start thinking for themselves 2026-03-02 at 07:30 By Help Net Security In this Help Net Security video, Jason Rivera, Field CISO & Head of Solution Engineering at SimSpace, discusses how autonomous AI agents are changing cyber threats. Drawing on experience in the US Army, NSA, Deloitte, and CrowdStrike, he describes how security

When cyber threats start thinking for themselves Read More »

IronCurtain: An open-source, safeguard layer for autonomous AI assistants

agentic AI, Artificial Intelligence, Don't miss, GitHub, Hot stuff, News, open source /

IronCurtain: An open-source, safeguard layer for autonomous AI assistants 2026-02-28 at 07:07 By Zeljka Zorz Veteran security engineer Niels Provos is working on a new technical approach designed to stop autonomous AI agents from taking actions you haven’t specifically authorized. His open-source software solution, called IronCurtain, aims to neutralize the risk of an LLM-powered agent

IronCurtain: An open-source, safeguard layer for autonomous AI assistants Read More »

Industrial networks continue to leak onto the internet

automation, CISO, critical infrastructure, cybersecurity, Don't miss, enterprise, Hot stuff, News, Palo Alto Networks, report, Siemens /

Industrial networks continue to leak onto the internet 2026-02-27 at 07:30 By Mirko Zorz Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto Networks, Siemens, and Idaho National Laboratory describe the scope of that exposure in the Intelligence-Driven Active Defense Report

Industrial networks continue to leak onto the internet Read More »

Scattered Lapsus$ Hunters seeks women for vishing attacks

cybercriminals, Dataminr, Don't miss, Hot stuff, News, social engineering, tips, vishing /

Scattered Lapsus$ Hunters seeks women for vishing attacks 2026-02-26 at 14:55 By Zeljka Zorz The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing (vishing) attacks. A few days ago, threat intelligence firm Dataminr detected posts on a public Telegram channel advertising

Scattered Lapsus$ Hunters seeks women for vishing attacks Read More »

Scroll to Top