Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

2026-06-05 at 15:49, by Zeljka Zorz

A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require […]

June 2026 Patch Tuesday forecast: Where are the CVEs?

2026-06-05 at 10:16, by Help Net Security

My forecast from last month was only partly right. After the Anthropic Mythos announcements and the deluge of newly discovered vulnerabilities from vendors like Mozilla, Microsoft’s updates were standard fare, 65 CVEs reported in Windows 11 and 58 in

AgentGG: Open-source agentic SAST scanner

2026-06-05 at 09:24, by Mirko Zorz

Static analysis tools have spent years matching source code against known-bad patterns and handing engineers long lists of candidate issues to triage by hand. AgentGG approaches the same job with AI agents that read the code, follow imports, walk the call graph, and confirm

Thieves can pull off keyless car theft in under a minute and here’s how to stop them

2026-06-05 at 09:24, by Mirko Zorz

A keyless car can be stolen in under a minute. Two people, a pair of cheap radio amplifiers, and a fob sitting on a hallway table inside the house. That is enough.

OAuth marketplace apps keep access after publishers vanish

2026-06-04 at 16:06, by Mirko Zorz

Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth

The modern-day business can learn a lot about risk from this year’s mega events

2026-06-04 at 13:17, by Help Net Security

Every year brings its share of global events, but 2026 is proving to be a banner year for mega-scale entertainment. The year got off to a roaring start with the Winter Olympics, and now

Spotless compliance evidence can still hide a broken control

2026-06-04 at 09:26, by Mirko Zorz

In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss

Attackers already know the secrets are on your developers’ machines. Do you?

2026-06-04 at 09:26, by Help Net Security

In a recent GitGuardian analysis, an average of 150 secrets were found on a sample of developer endpoints. Private keys accounted for 38% of unique secrets, while cloud, identity provider, and secret management credentials (AWS IAM,

From critical to controlled: Cutting vulnerabilities in a live manufacturing environment

2026-06-04 at 09:26, by Help Net Security

A vulnerability scanner flags a critical CVSS 10 vulnerability on an industrial asset. The report lands in the boss’ inbox and now he wants to know why we’re sitting on a critical vulnerability. In a normal IT

Autonomous AI-driven worm can reason its way through corporate networks

2026-06-03 at 20:20, by Zeljka Zorz

Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate on a fixed list of exploits. Instead, it analyzes each target it encounters,

Only 11% of production agents pass the AI agent security bar

2026-06-03 at 14:00, by Mirko Zorz

Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

2026-06-02 at 15:17, by Zeljka Zorz

Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.”

About CVE-2025-48595

CVE-2025-48595 is an integer overflow vulnerability in the Android

Zero trust physical security needs trust decisions at the edge

2026-06-02 at 09:09, by Mirko Zorz

In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras and door controllers. He breaks down how to make trust decisions at the

This AI model backdoor attack stays hidden until you customize the model

2026-06-02 at 09:09, by Anamarija Pogorelec

Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step carries a security question: the origin of

Why you need BAS and autonomous pentesting together

2026-06-02 at 09:09, by Help Net Security

Most security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surfaces critical findings, maps lateral movement paths nobody had documented before, and exposes a legacy service account

Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)

2026-06-01 at 17:17, by Zeljka Zorz

CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) warned on Friday.

About CVE-2026-41089

CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon,

NVIDIA goes open source with a big batch of physical AI agent tools

2026-06-01 at 11:46, by Anamarija Pogorelec

NVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they’re designed to make a roboticist’s life a whole lot easier. The idea? Take the messy, complicated work behind robots, self-driving cars,

Data discovery gaps that catch enterprises off guard

2026-06-01 at 11:46, by Mirko Zorz

In this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud storage,

EU organizations buckle under rising compliance pressure

2026-06-01 at 08:19, by Sinisa Markovic

Cybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope. Antonija Vojnović, Governance,

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

2026-06-01 at 08:19, by Mirko Zorz

AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who
