Don’t miss

Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)

2026-06-12 at 15:14 By Zeljka Zorz

WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check Point’s Remote Access VPN and Mobile Access, which the vendor confirmed to be actively exploited. The attacks were […]

How to use NIST and ISO frameworks to govern AI agents

2026-06-12 at 11:07 By Help Net Security

Security leaders no longer need convincing that AI agents introduce risk. What’s missing is how to govern them once they move into production and begin operating autonomously across enterprise environments. AI agents already read sensitive documents, invoke

The assembly line behind 1.5 million malicious domains

2026-06-12 at 11:07 By Anamarija Pogorelec

Attackers registered roughly 1.5 million malicious domains during the first five months of 2026. The registration patterns resemble industrial output. Most of the domains were created by attackers, put to use within weeks, and concentrated among a small set of registrars,

CISA orders federal agencies to “patch smarter”

2026-06-11 at 20:18 By Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a Binding Operational Directive that will change how the US federal government approaches vulnerability management. The directive arrives as the patching problem has become nearly unmanageable, driven by a surge in newly

Oracle PeopleSoft servers under attack, Oracle pushes out-of-band security alert

2026-06-11 at 15:41 By Zeljka Zorz

A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert

Threat actors are recruiting the people who hold cloud logins

2026-06-11 at 11:18 By Anamarija Pogorelec

Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into a security variable, and members of the cybercrime underground have built

Making the cloud prove it followed your privacy wishes

2026-06-11 at 08:43 By Sinisa Markovic

Companies that store personal data in cloud key-value databases handle deletion requests by running the operation and confirming the job is complete. The people making those requests and the regulators overseeing them have had limited means to confirm the

Prompt injection still drives most agentic AI security failures in production

2026-06-11 at 08:43 By Anamarija Pogorelec

A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model gateway for CrewAI, DSPy, Microsoft GraphRAG, and dozens of other AI agent

Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)

2026-06-10 at 17:24 By Zeljka Zorz

Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the vulnerabilities are not known to be actively exploited, security researchers have already released technical details

Record Microsoft Patch Tuesday, fresh zero-day

2026-06-10 at 14:23 By Zeljka Zorz

Microsoft marked its largest-ever Patch Tuesday this month by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher behind weeks of escalating Windows exploit releases, dropped a proof-of-concept exploit for a new zero-day: “RoguePlanet”, which abuses a race condition in

Every set of AI guardrails can be broken by the right prompt

2026-06-10 at 11:31 By Mirko Zorz

Companies that build AI systems wrap them in guardrails meant to block harmful output, including deepfakes, malware, and instructions for making biological weapons or illicit drugs. When a user prompts the system for such content, the guardrails

The security in smartphones is helping send them to landfills

2026-06-10 at 09:55 By Mirko Zorz

Billions of working smartphones reach the end of their service lives each year and move into drawers, recycling streams, and waste piles. The WEEE Forum estimated that 5.3 billion mobile phones became electronic waste in 2022. Many of these

Product showcase: Staying ahead of the threat horizon with Aunoo

2026-06-10 at 09:55 By Help Net Security

Aunoo is an open strategic intelligence platform that uses AI agents to monitor intelligence sources, including for cybersecurity, to compile a daily briefing and alert on defined criteria. Each source is checked for credibility and quality before it

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

2026-06-09 at 15:21 By Zeljka Zorz

A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday.

About CVE-2026-42271

LiteLLM is

The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic

2026-06-09 at 09:42 By Help Net Security

The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism.

Malware ships with bugs that defenders could use against it

2026-06-09 at 08:46 By Anamarija Pogorelec

Static analysis tools have spent years scanning legitimate software for security bugs before it goes out the door. The same scanners work on malware, and malware carries a steady supply of its own bugs. Researchers ran four of these

Treating AI agents like service accounts for federated query security

2026-06-09 at 08:46 By Mirko Zorz

In this interview with Help Net Security, Paras Malhotra, CISO at Starburst, explains how the company handles data governance across federated query environments. Topics include layering Starburst’s access controls above native source permissions, tiering vendor risk across more than

Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)

2026-06-08 at 16:16 By Zeljka Zorz

A Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday.

About CVE-2026-50751

Check Point Remote Access VPN enables and secures connections between

CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318)

2026-06-08 at 14:07 By Zeljka Zorz

A vulnerability (CVE-2026-28318) that can be exploited to crash SolarWinds Serv-U file transfer servers is being leveraged by attackers in the wild, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Friday. The agency has ordered US federal civilian

DockSec: Open-source AI-powered Docker security scanner

2026-06-08 at 13:09 By Mirko Zorz

DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns
