Securing digital keys when your phone unlocks the car 2026-06-18 at 09:00 By Mirko Zorz In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She […]
Securing digital keys when your phone unlocks the car Read More »
How security teams are getting credential visibility into developer endpoints 2026-06-18 at 08:30 By Help Net Security As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub
How security teams are getting credential visibility into developer endpoints Read More »
What happens to oversight when AI agents write a lab’s own code 2026-06-18 at 08:00 By Mirko Zorz Inside the labs building frontier AI, a growing share of the coding gets done by the AI itself. These agents write, edit, and run software with light human oversight between steps, and they reach into production infrastructure,
What happens to oversight when AI agents write a lab’s own code Read More »
Low-skilled attacker used Claude, Codex to breach 14 companies 2026-06-17 at 18:43 By Zeljka Zorz Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server
Low-skilled attacker used Claude, Codex to breach 14 companies Read More »
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) 2026-06-17 at 14:26 By Zeljka Zorz Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned
Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Read More »
The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects 2026-06-17 at 12:42 By Mirko Zorz Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen member organizations. Founding members include BNY, Chainguard,
The SOC’s visibility gap comes down to staffing 2026-06-17 at 09:00 By Mirko Zorz AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third
The SOC’s visibility gap comes down to staffing Read More »
The checklist problem behind critical infrastructure cyber safety 2026-06-17 at 07:00 By Anamarija Pogorelec An asset owner can meet major federal cyber compliance standards and still run equipment that lacks the engineering to withstand an attack or a failure. New research from George Mason University examines how United States cyber policy defines reasonable care for
The checklist problem behind critical infrastructure cyber safety Read More »
Attackers are exploiting FortiSandbox vulnerabilities 2026-06-16 at 18:27 By Zeljka Zorz Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said
Attackers are exploiting FortiSandbox vulnerabilities Read More »
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558) 2026-06-16 at 16:33 By Zeljka Zorz A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts,
Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262) 2026-06-16 at 13:20 By Zeljka Zorz Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But the associated security advisory also states that “the vulnerability was found during internal security testing”, raising the
Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262) Read More »
Reachability makes AI threat modeling worth the trust 2026-06-16 at 09:00 By Mirko Zorz In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks
Reachability makes AI threat modeling worth the trust Read More »
EU Cybersecurity Act 2.0: When good regulation goes bad 2026-06-16 at 08:30 By Help Net Security Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy
EU Cybersecurity Act 2.0: When good regulation goes bad Read More »
China-linked spies backdoored authentication stack to stay hidden for years 2026-06-15 at 18:27 By Zeljka Zorz A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s
China-linked spies backdoored authentication stack to stay hidden for years Read More »
Onspring CISO on where automated GRC systems fall short 2026-06-15 at 09:00 By Mirko Zorz In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feeding their
Onspring CISO on where automated GRC systems fall short Read More »
Open-source CI/CD abuse detector guards against stolen credential attacks 2026-06-15 at 08:30 By Sinisa Markovic CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure
Open-source CI/CD abuse detector guards against stolen credential attacks Read More »
A hardware neural network backdoor that hides in plain sight 2026-06-15 at 08:00 By Mirko Zorz Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips
A hardware neural network backdoor that hides in plain sight Read More »
Proving what a military AI model will do is the real problem 2026-06-15 at 07:30 By Sinisa Markovic Defense contractors build AI systems that task drones automatically and propose kill-chains to support soldiers. Several of these contractors have partnered with frontier AI companies to put advanced models into military tools. Anduril works with OpenAI, Palantir
Proving what a military AI model will do is the real problem Read More »
Senior engineers are spending their week cleaning up AI-generated code 2026-06-15 at 07:00 By Anamarija Pogorelec At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated
Senior engineers are spending their week cleaning up AI-generated code Read More »
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) 2026-06-12 at 15:14 By Zeljka Zorz WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check Point’s Remote Access VPN and Mobile Access, which the vendor confirmed to be actively exploited. The attacks were
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) Read More »